0.24.0-beta.0

fix: bumps sveltekit starter dependency versions to prevent typescript config error

feat: expose canister upgrade options in CLI

dfx canister install and dfx deploy takes options --skip-pre-upgrade and --wasm-memory-persistence.

dfx deploy --mode now takes the same possible values as dfx canister install --mode: "install", "reinstall", "upgrade" and "auto".

In "auto" mode, the upgrade options are hints which only take effects when the actual install mode is "upgrade".

To maintain backward compatibility, a minor difference between the two commands remains.
If the --mode is not set, dfx deploy defaults to "auto", while dfx canister install defaults to "install".

feat: Also report Motoko stable compatibility warnings

Report upgrade compatibility warnings for Motoko, such as deleted stable variables, in addition to compatibility errors.

feat: Support for Motoko's enhanced orthogonal persistence.

Support Motoko's enhanced orthogonal persistence by automatically setting the canister upgrade option wasm_memory_persistence based on the Wasm metadata.

feat: PocketIC state

dfx start --pocketic no longer requires --clean, and can persist replica state between runs.

fix: Scripts always run with current directory set to the project root

Build scripts and other scripts now always run with the working directory
set to the project root (directory containing dfx.json).

This applies to the following:

• build scripts
• extension run
• tech stack value computation
• packtool (vessel, mops etc)

feat: dfx extension list supports listing available extensions

dfx extension list now support --available flag to list available extensions from the
extension catalog.
The extension catalog can be overridden with the --catalog-url parameter.

Dependencies

Frontend canister

Added create_chunks. It has the same behavior as create_chunk, except that it takes a vec blob and returns a vec BatchId instead of non-vec variants.

Module hash: 3a533f511b3960b4186e76cf9abfbd8222a2c507456a66ec55671204ee70cae3

Motoko

Updated Motoko to 0.12.1

0.23.0

fix: relax content security policy for sveltekit starter

We had to roll back part of the increased default security policy for the sveltekit starter due to the framework's use of inline scripts

feat: Add canister snapshots

The new dfx canister snapshot command can be used to create, apply, and delete snapshots of stopped canisters.

feat: PocketIC HTTP gateway

icx-proxy's HTTP gateway has been replaced with PocketIC's. (This does not impact the meaning of --pocketic in dfx start.)

feat: Enable threshold schnorr signatures for Ed25519

Schnorr signature signing for Ed25519 is now enabled.
A test key id Ed25519:dfx_test_key is ready to be used by locally created canisters.

feat: Added settings_digest field to the network-id file

feat: install extensions using the catalog

dfx extension install now locates extensions using the
extension catalog.
This can be overridden with the --catalog-url parameter.

Dependencies

Replica

Updated replica to elected commit 3d0b3f10417fc6708e8b5d844a0bac5e86f3e17d.
This incorporates the following executed proposals:

• 131473
• 131390
• 131055
• 131054
• 131032
• 131028

feat: generate .env files for Motoko canisters

feat: support "security_policy" and "disable_security_policy_warning" in .ic-assets.json5

This change has an accompanying migration guide. Please see the 0.23.0 migration guide for instructions on how to adapt your project to this feature.

It is now possible to specify a "security_policy" field in .ic-assets.json5 for asset configurations.
Valid options are "disabled", "standard", and "hardened".
The security policy provides a set of standard headers to make frontends more secure.
Headers manually specified in the "headers" field take precedence over the security policy headers.

If "security_policy" is not specified or "disabled" is set, then no headers are added. If "security_policy" is not set at all, a warning is displayed that there is no security policy set.

If "standard" is specified, a set of security headers is added to the asset. The headers can be displayed with dfx info security-policy.
It is a set of security headers that will work for most dapps. A warning is displayed that the headers could be hardened.

If "hardened" is set, the same headers as with "standard" are added.
The asset sync expects that improved headers are set that would improve security where appropriate.
If no custom headers are present the asset sync will fail with an error.

All warnings regarding security policies can be disabled with ``"disable_security_policy_warning": true`. It needs to be set per asset.

The standard/hardened security policy headers can be seen with dfx info security-policy.
It also contains a lot of suggestions on how to harden the policy.

Updated the starter projects to use "security_policy" instead of including the whole security policy by defining individual headers.

feat: dfx info security-policy

Shows the headers that get applied to assets that are configured to "security_policy": "standard" or "security_policy": "hardened" in .ic-assets.json5.
Produces output that can be directly pasted into a .json5 document.

feat: dfx extension install <url to extension.json>

It's now possible for dfx extension install to install an extension from
somewhere other than https://github.com/dfinity/dfx-extensions, by passing
a URL to an extension.json file rather than an extension name.

For example, these are equivalent:

dfx extension install nns
dfx extension install https://github.com/raw/dfinity/dfx-extensions/main/extensions/nns/extension.json

This update also adds the optional field download_url_template to extension.json,
which dfx will use to locate an extension release archive.

fix: dfx extension install no longer reports an error if the extension is already installed

However, if a version is specified with --version, and the installed version is different,
then dfx extension install will still report an error.

fix: dfx ledger create-canister sets controller properly

A recent hotfix to the CMC changed how the arguments to notify_create_canister need to be passed.
dfx now again properly calls that function.

feat: display replica port in dfx start

This replaces the dashboard link, which is now shown only in verbose mode. This should hopefully be less confusing for new users.

feat!: add crate field to dfx.json

It is now possible to specify a particular crate within a Rust package to use for a canister module, using the crate field.
This enables specifying crates with different names than the package. In a few cases these were previously auto-detected
by dfx, you will need to add this field if you were using such a setup.

feat: the --wallet parameter now accepts an identity name

The --wallet parameter can now be either a principal or the name of an identity.

If the name of an identity, dfx looks up the associated wallet's principal.

This means --wallet <name> is the equivalent of --wallet $(dfx identity get-wallet --identity <name>).

fix: display error cause of some http-related errors

Some commands that download http resources, for example dfx extension install, will
once again display any error cause.

chore: remove the deprecated --use-old-metering flag

0.23.0-beta.3

Release: 0.23.0-beta.3

0.23.0-beta.2

Release: 0.23.0-beta.2

0.23.0-beta.1

Release: 0.23.0-beta.1

0.23.0-beta.0

Dependencies

Replica

Updated replica to elected commit 2c0b76cfc7e596d5c4304cff5222a2619294c8c1.
This incorporates the following executed proposals:

• 131390
• 131055
• 131054
• 131032
• 131028
• 130985
• 130984
• 130819
• 130818
• 130748
• 130749
• 130728
• 130727
• 130409
• 130408
• 130392
• 130400
• 130315
• 130134
• 130083
• 129747
• 129746
• 129706
• 129697
• 129696
• 129628
• 129627
• 129494
• 129493
• 129428
• 129427
• 129423
• 129408
• 129379
• 129378
• 129084
• 129081
• 129035
• 128876
• 128904
• 128864
• 128816
• 128846
• 128806
• 128805
• 128296
• 128295
• 128171
• 128155

feat: generate .env files for Motoko canisters

feat: support "security_policy" and "disable_security_policy_warning" in .ic-assets.json5

This change has an accompanying migration guide. Please see the 0.23.0 migration guide for instructions on how to adapt your project to this feature.

It is now possible to specify a "security_policy" field in .ic-assets.json5 for asset configurations.
Valid options are "disabled", "standard", and "hardened".
The security policy provides a set of standard headers to make frontends more secure.
Headers manually specified in the "headers" field take precedence over the security policy headers.

If "security_policy" is not specified or "disabled" is set, then no headers are added. If "security_policy" is not set at all, a warning is displayed that there is no security policy set.

If "standard" is specified, a set of security headers is added to the asset. The headers can be displayed with dfx info security-policy.
It is a set of security headers that will work for most dapps. A warning is displayed that the headers could be hardened.

If "hardened" is set, the same headers as with "standard" are added.
The asset sync expects that improved headers are set that would improve security where appropriate.
If no custom headers are present the asset sync will fail with an error.

All warnings regarding security policies can be disabled with ``"disable_security_policy_warning": true`. It needs to be set per asset.

The standard/hardened security policy headers can be seen with dfx info security-policy.
It also contains a lot of suggestions on how to harden the policy.

Updated the starter projects to use "security_policy" instead of including the whole security policy by defining individual headers.

feat: dfx info security-policy

Shows the headers that get applied to assets that are configured to "security_policy": "standard" or "security_policy": "hardened" in .ic-assets.json5.
Produces output that can be directly pasted into a .json5 document.

feat: dfx extension install <url to extension.json>

It's now possible for dfx extension install to install an extension from
somewhere other than https://github.com/dfinity/dfx-extensions, by passing
a URL to an extension.json file rather than an extension name.

For example, these are equivalent:

dfx extension install nns
dfx extension install https://github.com/raw/dfinity/dfx-extensions/main/extensions/nns/extension.json

This update also adds the optional field download_url_template to extension.json,
which dfx will use to locate an extension release archive.

fix: dfx extension install no longer reports an error if the extension is already installed

However, if a version is specified with --version, and the installed version is different,
then dfx extension install will still report an error.

fix: dfx ledger create-canister sets controller properly

A recent hotfix to the CMC changed how the arguments to notify_create_canister need to be passed.
dfx now again properly calls that function.

feat: display replica port in dfx start

This replaces the dashboard link, which is now shown only in verbose mode. This should hopefully be less confusing for new users.

feat!: add crate field to dfx.json

It is now possible to specify a particular crate within a Rust package to use for a canister module, using the crate field.
This enables specifying crates with different names than the package. In a few cases these were previously auto-detected
by dfx, you will need to add this field if you were using such a setup.

feat: the --wallet parameter now accepts an identity name

The --wallet parameter can now be either a principal or the name of an identity.

If the name of an identity, dfx looks up the associated wallet's principal.

This means --wallet <name> is the equivalent of --wallet $(dfx identity get-wallet --identity <name>).

fix: display error cause of some http-related errors

Some commands that download http resources, for example dfx extension install, will
once again display any error cause.

chore: remove the deprecated --use-old-metering flag

0.22.0

asset uploads: retry some HTTP errors returned by the replica

Now retries the following, with exponential backoff as is already done for connect and transport errors:

• 500 internal server error
• 502 bad gateway
• 503 service unavailable
• 504 gateway timeout
• 429 many requests

fix: Allow canisters to be deployed even if unrelated canisters in dfx.json are malformed

feat!: enable cycles ledger support unconditionally

chore!: removed unsafe-eval CSP from default starter template

To do this, the @dfinity/agent version was updated as well.

fix: dfx build no longer requires a password for password-protected identities

chore!: enforce --wallet requirement for dfx canister call --with-cycles earlier

feat: add dfx schema support for .json files related to extensions

• dfx schema --for extension-manifest corresponds to extension.json
• dfx schema --for extension-dependencies corresponds to dependencies.json

chore!: enforce minimum password length of 9 characters

The NIST guidelines require passwords to be longer than 8 characters.
This is now enforced when creating new identities.
Identities protected by a shorter password can still be decrypted.

feat: dfx extension install now uses the extension's dependencies.json file to pick the highest compatible version

feat: Enable threshold schnorr signatures for Bip340Secp256k1

Schnorr signature signing for Bip340Secp256k1 is now enabled.
A test key id Bip340Secp256k1:dfx_test_key is ready to be used by locally created canisters.

Dependencies

Replica

Updated replica to elected commit 5849c6daf2037349bd36dcb6e26ce61c2c6570d0.
This incorporates the following executed proposals:

• 130985
• 130984
• 130819
• 130818
• 130748
• 130749
• 130728
• 130727
• 130409
• 130408

Motoko

Updated Motoko to 0.11.2

0.21.0

feat: dfx killall

Introduced dfx killall, a command for killing DFX-started processes.

feat!: remove support for bitcoin query API

dfx call --query aaaaa-aa bitcoin_get_balance_query/bitcoin_get_utxos_query will result in an error.

fix: simplified log message when using the default shared network configuration

Now displays Using the default configuration for the local shared network.
instead of Using the default definition for the 'local' shared network because ~/.config/dfx/networks.json does not define it.

chore!: Improved error message about canister ranges when directly connecting to a node on a non-root subnet

feat: dfx start for the shared local network stores replica state files in unique directories by options

The state files for different replica versions are often incompatible,
so dfx start requires the --clean argument in order to reset data when
using different replica versions or different replica options.

For the local shared network, dfx now stores replica state files in different
directories, split up by replica version and options.

As an example, you'll be able to do things like this going forward:

dfx +0.21.0 start
(cd project1 && dfx deploy && dfx canister call ...)
dfx stop

dfx +0.22.0 start
# notice --clean is not required.
# even if --clean were passed, the canisters for project1 would be unaffected.
(cd project2 && dfx deploy)
# project1 won't be affected unless you call dfx in its directory
dfx stop

dfx +0.21.0 start
# the canisters are still deployed
(cd project1 && dfx canister call ...)

Prior to this change, the second dfx start would have had to include --clean,
which would have reset the state of the shared local network, affecting all projects.

This also means dfx start for the shared local network won't ever require you to pass --clean.

dfx start will delete old replica state directories. At present, it retains the 10 most recently used.

This doesn't apply to project-specific networks, and it doesn't apply with --pocketic.

It doesn't apply to project-specific networks because the project's canister ids would
reset anyway on first access. If you run dfx start in a project directory where dfx.json
defines the local network, you'll still be prompted to run with --clean if using a
different replica version or different replica options.

It doesn't apply to --pocketic because PocketIC does not yet persist any data.

feat: allow specifying encodings in .ic-assets.json

When uploading assets to an asset canister, dfx by default uploads .txt, .html and .js files in identity encoding but also in gzip encoding to the frontend canister if encoding saves bytes.
It is now possible to specify in .ic-assets.json which encodings are used besides identity.
Note that encodings are only used if the encoding saves bytes compared to identity or if identity is not a specified encoding.

Example: To turn off gzip for .js files and to turn on gzip for .jpg files, use this in .ic-assets.json:

{
  "match": "**/*.js",
  "encodings": ["identity"]
},
{
  "match": "**/*.jpg",
  "encodings": ["identity", "gzip"]
}

feat: dfx canister url

Add dfx canister url subcommand to display the url of a given canister. Basic usage as below:

dfx canister url <canister>

The <canister> argument specifies the name or id of the canister for which you want to display the url.

feat: log_visibility canister setting

Adds support for the log_visibility canister setting, which configures which users are allowed to read a canister's logs.
Valid options are controllers and public. The setting can be used with the --log-visibility flag in dfx canister create
and dfx canister update-settings, or in dfx.json under canisters[].initialization_values.log_visibility.

Asset canister synchronization

feat: support brotli encoding

Asset synchronization now not only supports identity and gzip, but also brotli encoding.
The default encodings are still

• identity and gzip for MIME types .txt, .html and .js
• identity for anything else

Dependencies

Frontend canister

fix!: URL decoding follows the whatwg standard

Previously, the frontend canister used custom logic to decode URLs.
The logic was replaced with a dependency that follows https://url.spec.whatwg.org/#percent-decode, which is what JavaScript's new Request("https://example.com/% $").url also uses.
This also drops support for decoding %% to %. % does no longer need to be encoded.

URLs that contain invalid encodings now return 400 Bad Request instead of 500 Internal Server Error

• Module hash: 2cc4ec4381dee231379270a08403c984986c9fc0c2eaadb64488b704a3104cc0
• #3767

Replica

Updated replica to elected commit 246d0ce0784d9990c06904809722ce5c2c816269.
This incorporates the following executed proposals:

• 130392
• 130400
• 130315
• 130134

0.22.0-beta.0

asset uploads: retry some HTTP errors returned by the replica

Now retries the following, with exponential backoff as is already done for connect and transport errors:

• 500 internal server error
• 502 bad gateway
• 503 service unavailable
• 504 gateway timeout
• 429 many requests

fix: Allow canisters to be deployed even if unrelated canisters in dfx.json are malformed

feat!: enable cycles ledger support unconditionally

chore!: removed unsafe-eval CSP from default starter template

To do this, the @dfinity/agent version was updated as well.

fix: dfx build no longer requires a password for password-protected identities

chore!: enforce --wallet requirement for dfx canister call --with-cycles earlier

feat: add dfx schema support for .json files related to extensions

• dfx schema --for extension-manifest corresponds to extension.json
• dfx schema --for extension-dependencies corresponds to dependencies.json

chore!: enforce minimum password length of 9 characters

The NIST guidelines require passwords to be longer than 8 characters.
This is now enforced when creating new identities.
Identities protected by a shorter password can still be decrypted.

feat: dfx extension install now uses the extension's dependencies.json file to pick the highest compatible version

feat: Enable threshold schnorr signatures for Bip340Secp256k1

Schnorr signature signing for Bip340Secp256k1 is now enabled.
A test key id Bip340Secp256k1:dfx_test_key is ready to be used by locally created canisters.

Dependencies

Replica

Updated replica to elected commit 5849c6daf2037349bd36dcb6e26ce61c2c6570d0.
This incorporates the following executed proposals:

• 130985
• 130984
• 130819
• 130818
• 130748
• 130749
• 130728
• 130727
• 130409
• 130408

Motoko

Updated Motoko to 0.11.2

0.21.0-beta.0

feat: dfx killall

Introduced dfx killall, a command for killing DFX-started processes.

feat!: remove support for bitcoin query API

dfx call --query aaaaa-aa bitcoin_get_balance_query/bitcoin_get_utxos_query will result in an error.

fix: simplified log message when using the default shared network configuration

Now displays Using the default configuration for the local shared network.
instead of Using the default definition for the 'local' shared network because ~/.config/dfx/networks.json does not define it.

chore!: Improved error message about canister ranges when directly connecting to a node on a non-root subnet

feat: dfx start for the shared local network stores replica state files in unique directories by options

The state files for different replica versions are often incompatible,
so dfx start requires the --clean argument in order to reset data when
using different replica versions or different replica options.

For the local shared network, dfx now stores replica state files in different
directories, split up by replica version and options.

As an example, you'll be able to do things like this going forward:

dfx +0.21.0 start
(cd project1 && dfx deploy && dfx canister call ...)
dfx stop

dfx +0.22.0 start
# notice --clean is not required.
# even if --clean were passed, the canisters for project1 would be unaffected.
(cd project2 && dfx deploy)
# project1 won't be affected unless you call dfx in its directory
dfx stop

dfx +0.21.0 start
# the canisters are still deployed
(cd project1 && dfx canister call ...)

Prior to this change, the second dfx start would have had to include --clean,
which would have reset the state of the shared local network, affecting all projects.

This also means dfx start for the shared local network won't ever require you to pass --clean.

dfx start will delete old replica state directories. At present, it retains the 10 most recently used.

This doesn't apply to project-specific networks, and it doesn't apply with --pocketic.

It doesn't apply to project-specific networks because the project's canister ids would
reset anyway on first access. If you run dfx start in a project directory where dfx.json
defines the local network, you'll still be prompted to run with --clean if using a
different replica version or different replica options.

It doesn't apply to --pocketic because PocketIC does not yet persist any data.

feat: allow specifying encodings in .ic-assets.json

When uploading assets to an asset canister, dfx by default uploads .txt, .html and .js files in identity encoding but also in gzip encoding to the frontend canister if encoding saves bytes.
It is now possible to specify in .ic-assets.json which encodings are used besides identity.
Note that encodings are only used if the encoding saves bytes compared to identity or if identity is not a specified encoding.

Example: To turn off gzip for .js files and to turn on gzip for .jpg files, use this in .ic-assets.json:

{
  "match": "**/*.js",
  "encodings": ["identity"]
},
{
  "match": "**/*.jpg",
  "encodings": ["identity", "gzip"]
}

feat: dfx canister url

Add dfx canister url subcommand to display the url of a given canister. Basic usage as below:

dfx canister url <canister>

The <canister> argument specifies the name or id of the canister for which you want to display the url.

feat: log_visibility canister setting

Adds support for the log_visibility canister setting, which configures which users are allowed to read a canister's logs.
Valid options are controllers and public. The setting can be used with the --log-visibility flag in dfx canister create
and dfx canister update-settings, or in dfx.json under canisters[].initialization_values.log_visibility.

Asset canister synchronization

feat: support brotli encoding

Asset synchronization now not only supports identity and gzip, but also brotli encoding.
The default encodings are still

• identity and gzip for MIME types .txt, .html and .js
• identity for anything else

Dependencies

Frontend canister

fix!: URL decoding follows the whatwg standard

Previously, the frontend canister used custom logic to decode URLs.
The logic was replaced with a dependency that follows https://url.spec.whatwg.org/#percent-decode, which is what JavaScript's new Request("https://example.com/% $").url also uses.
This also drops support for decoding %% to %. % does no longer need to be encoded.

URLs that contain invalid encodings now return 400 Bad Request instead of 500 Internal Server Error

• Module hash: 2cc4ec4381dee231379270a08403c984986c9fc0c2eaadb64488b704a3104cc0
• #3767

Replica

Updated replica to elected commit 246d0ce0784d9990c06904809722ce5c2c816269.
This incorporates the following executed proposals:

• 130392
• 130400
• 130315
• 130134