fix(deps): update dependency @coral-xyz/anchor to v0.30.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@coral-xyz/anchor	0.28.1-beta.1 -> 0.30.1
@coral-xyz/anchor	^0.28.0 -> ^0.30.0
@coral-xyz/anchor	^0.27.0 -> ^0.30.0

---

Release Notes

coral-xyz/anchor (@​coral-xyz/anchor)

v0.30.1

Compare Source

Features

• idl: Allow overriding the idl build toolchain with the RUSTUP_TOOLCHAIN environment variable (#​2941).
• avm: Support customizing the installation location using AVM_HOME environment variable (#​2917).
• avm: Optimize avm list when GitHub API rate limits are reached (#​2962)
• idl, ts: Add accounts resolution for associated token accounts (#​2927).
• cli: Add --no-install option to the init command (#​2945).
• lang: Implement TryFromIntError for Error to be able to propagate integer conversion errors (#​2950).
• idl: Add ability to convert legacy IDLs (#​2986).
• ts: Extract Anchor error codes into their own package (#​2983).
• cli: Add additional solana arguments to the upgrade command (#​2998).
• spl: Export spl-associated-token-account crate (#​2999).
• lang: Support legacy IDLs with declare_program! (#​2997).
• cli: Add idl convert command (#​3009).
• cli: Add idl type command (#​3017).
• lang: Add anchor_lang::pubkey macro for declaring Pubkey const values (#​3021).
• cli: Sync program ids on the initial build (#​3023).
• idl: Remove anchor-syn dependency (#​3030).
• lang: Add const of program ID to declare_id! and declare_program! (#​3019).
• idl: Add separate spec crate (#​3036).

Fixes

• lang: Eliminate variable allocations that build up stack space for token extension code generation (#​2913).
• ts: Fix incorrect maxSupportedTransactionVersion in AnchorProvider.send*() methods (#​2922).
• cli: Use npm's configured default license for new projects made with anchor init (#​2929).
• cli: add filename to 'Unable to read keypair file' errors (#​2932).
• idl: Fix path resolution of the Cargo.lock of the project when generating idls for external types (#​2946).
• idl: Fix potential panic on external type resolution (#​2954).
• lang: Fix using defined types in instruction parameters with declare_program! (#​2959).
• lang: Fix using const generics with declare_program! (#​2965).
• lang: Fix using Vec<u8> type with declare_program! (#​2966).
• lang: Fix ProgramError::ArithmeticOverflow not found error (#​2975).
• lang: Fix using optional accounts with declare_program! (#​2967).
• lang: Fix instruction return type generation with declare_program! (#​2977).
• cli: Fix IDL write getting corrupted from retries (#​2964).
• idl: Fix unexpected_cfgs build warning (#​2992).
• lang: Make tuple struct fields public in declare_program! (#​2994).
• Remove rust-version from crate manifests (#​3000).
• cli: Fix upgradeable program clones (#​3010).
• ts: Fix using IDLs that have defined types as generic arguments (#​3016).
• idl: Fix generation with unsupported expressions (#​3033).
• idl: Fix using address constraint with field expressions (#​3034).
• lang: Fix using bytemuckunsafe account serialization with declare_program! (#​3037).

Breaking

v0.30.0

Compare Source

See the Anchor 0.30 release notes for a high-level overview of how to update.

Features

• cli: Allow force init and new (#​2698).
• cli: Add verifiable option when deploy (#​2705).
• cli: Add support for passing arguments to the underlying solana program deploy command with anchor deploy (#​2709).
• lang: Add InstructionData::write_to implementation (#​2733).
• lang: Add #[interface(..)] attribute for instruction discriminator overrides (#​2728).
• ts: Add .interface(..) method for instruction discriminator overrides (#​2728).
• cli: Check anchor-lang and CLI version compatibility (#​2753).
• ts: Add missing IDL PDA seed types (#​2752).
• cli: idl close accepts optional --idl-address parameter (#​2760).
• cli: Add support for simple wildcard patterns in Anchor.toml's workspace.members and workspace.exclude. (#​2785).
• cli: Add --test-template option for init command (#​2805).
• cli: anchor test is able to run multiple commands (#​2799).
• cli: Check @coral-xyz/anchor package and CLI version compatibility (#​2813).
• cli: Accept package name as program name (#​2816).
• cli: Add ability to build and test only a specified program (#​2823).
• idl: Add new IDL spec (#​2824).
• idl: Add support for reprs (#​2824).
• idl: Add support for expression evaluation (#​2824).
• idl: Add support for using external types when generating the IDL (#​2824).
• idl, ts: Add unit and tuple struct support (#​2824).
• idl, ts: Add generics support (#​2824).
• ts: Add accountsPartial method to keep the old accounts method behavior (#​2824).
• ts: Make opts parameter of AnchorProvider constructor optional (#​2843).
• cli: Add --no-idl flag to the build command (#​2847).
• cli: Add priority fees to idl commands (#​2845).
• ts: Add prepend option to MethodBuilder preInstructions method (#​2863).
• lang: Add declare_program! macro (#​2857).
• cli: Add deactivate_feature flag to solana-test-validator config in Anchor.toml (#​2872).
• idl: Add docs field for constants (#​2887).
• idl: Store deployment addresses for other clusters (#​2892).
• lang: Add Event utility type to get events from bytes (#​2897).
• lang, spl: Add support for token extensions (#​2789).
• lang: Return overflow error from Lamports trait operations (#​2907).

Fixes

• syn: Add missing new_from_array method to Hash (#​2682).
• cli: Switch to Cargo feature resolver(resolver = "2") (#​2676).
• cli: Fix using user specific path for provider.wallet in Anchor.toml (#​2696).
• syn: Fix IDL constant seeds parsing (#​2699).
• cli: Display errors if toolchain override restoration fails (#​2700).
• cli: Fix commit based anchor_version override (#​2704).
• spl: Fix compilation with shmem feature enabled (#​2722).
• cli: Localhost default test validator address changes from localhost to 127.0.0.1, NodeJS 17 IP resolution changes for IPv6 (#​2725).
• lang: Eliminate temporary Vec allocations when serializing data with discriminant and set the default capacity to 256 bytes (#​2691).
• lang: Allow custom lifetime in Accounts structure (#​2741).
• lang: Remove try_to_vec usage while setting the return data in order to reduce heap memory usage (#​2744)
• cli: Show installation progress if Solana tools are not installed when using toolchain overrides (#​2757).
• ts: Fix formatting enums (#​2763).
• cli: Fix migrate command not working without global ts-node installation (#​2767).
• client, lang, spl, syn: Enable all features for docs.rs build (#​2774).
• ts: Fix construction of field layouts for type aliased instruction arguments (#​2821)
• idl: Fix IDL (#​2824).
• idl, ts: Make casing consistent (#​2824).
• ts: Fix not being able to use numbers in instruction, account, or event names in some cases due to case conversion (#​2824).
• cli: Fix excessive test validator requests (#​2828).
• client: Fix parse_logs_response to prevent panics when more than 1 outer instruction exists in logs (#​2856).
• avm, cli: Fix stdsimd feature compilation error from ahash when installing the CLI using newer Rust versions (#​2867).
• spl: Fix not being able to deserialize newer token 2022 extensions (#​2876).
• spl: Remove solana-program dependency (#​2900).
• spl: Make TokenAccount and Mint Copy (#​2904).
• ts: Add missing errors (#​2906).

Breaking

• cli: Make cargo build-sbf the default build command (#​2694).
• cli: Require explicit overflow-checks flag (#​2716).
• ts: Remove anchor-deprecated-state feature (#​2717).
• lang: Remove CLOSED_ACCOUNT_DISCRIMINATOR (#​2726).
• lang: Make bumps of optional accounts Option<u8> rather than u8 (#​2730).
• spl: Remove shared-memory program (#​2747).
• ts: Remove associated, account.associated and account.associatedAddress methods (#​2749).
• cli: idl upgrade command closes the IDL buffer account (#​2760).
• cli: Remove --jest option from the init command (#​2805).
• cli: Require idl-build feature in program Cargo.toml (#​2824).
• cli: Rename seeds feature to resolution and make it enabled by default (#​2824).
• cli: Remove idl parse command (#​2824).
• idl: Change IDL spec (#​2824).
• syn: Remove idl-parse and seeds features (#​2824).
• ts: Change accounts method to no longer accept resolvable accounts (#​2824).
• ts: Program instances use camelCase for everything (#​2824).
• ts: Remove discriminator functions (#​2824).
• ts: Remove programId parameter of the Program constructor (#​2864).
• idl, syn: Move IDL types from the anchor-syn crate to the new IDL crate (#​2882).
• idl: Add #[non_exhaustive] to IDL enums (#​2890).

v0.29.0

Compare Source

See the Anchor 0.29 release notes for a high-level overview of how to update.

Features

• lang: Change all accounts to have a reference to AccountInfo (#​2656).
• lang: Add get_lamports, add_lamports and sub_lamports methods for all account types (#​2552).
• client: Add a helper struct DynSigner to simplify use of Client<C> where <C: Clone + Deref<Target = impl Signer>> with Solana clap CLI utils that loads Signer as Box<dyn Signer> (#​2550).
• lang: Allow CPI calls matching an interface without pinning program ID (#​2559).
• cli, lang: Add IDL generation through compilation. anchor build still uses parsing method to generate IDLs, use anchor idl build to generate IDLs with the build method (#​2011).
• avm: Add support for the .anchorversion file to facilitate switching between different versions of the anchor-cli (#​2553).
• ts: Add ability to access workspace programs independent of the casing used, e.g. anchor.workspace.myProgram, anchor.workspace.MyProgram... (#​2579).
• bench: Add benchmarking for program binary size (#​2591).
• spl: Export mpl-token-metadata crate (#​2583).
• spl: Add TokenRecordAccount for pNFTs (#​2597).
• ts: Add support for unnamed(tuple) enum in accounts (#​2601).
• cli: Add program template with multiple files for instructions, state... (#​2602).
• bench: Add benchmarking for stack memory usage (#​2617).
• lang: Box the inner enums of anchor_lang::error::Error to optimize anchor_lang::Result (#​2600).
• ts: Add strong type support for Program.addEventListener method (#​2627).
• syn: Add IdlBuild trait to implement IDL support for custom types (#​2629).
• spl: Add idl-build feature. IDL build method will not work without enabling this feature when using anchor-spl (#​2629).
• lang: Add support for type aliases in IDLs (#​2637).
• cli: Add test.upgradeable, test.genesis.upgradeable setting in Anchor.toml to support testing upgradeable programs (#​2642).
• cli, client, lang, spl: Update Solana toolchain and dependencies to 1.17.0, 1.16 remains supported (#​2645).
• spl: Add support for memo program (#​2661).
• avm: Add anchor-cli installation from commit (#​2659).
• cli: Add toolchain property in Anchor.toml to override Anchor and Solana versions (#​2649).

Fixes

• ts: Packages no longer depend on assert (#​2535).
• lang: Support for const in the InitSpace macro (#​2555).
• cli: Support workspace inheritance (#​2570).
• client: Compile with Solana 1.14 (#​2572).
• cli: Fix anchor build --no-docs adding docs to the IDL (#​2575).
• ts: Load workspace programs on-demand rather than loading all of them at once (#​2579).
• lang: Fix associated_token::token_program constraint (#​2603).
• cli: Fix anchor account command panicking outside of workspace (#​2620).
• lang: IDL named enum variant fields are now camelCase as opposed to snake_case, consistent with the other IDL types (#​2633).
• avm: Remove excessive panics and handle the errors gracefully (#​2671).

Breaking

• lang: Switch to type safe bumps in context (#​2542).
• syn: idl feature has been replaced with idl-build, idl-parse and idl-types features (#​2011).
• syn: IDL parse method now returns Result<Idl> instead of Result<Option<Idl>> (#​2582).
• spl: Update mpl-token-metadata dependency to use the client SDK instead of the program crate (#​2632).
• ts: Remove base64-js dependency (#​2635).
• syn: IdlTypeDefinitionTy enum has a new variant Alias (#​2637).
• cli, client, lang, spl: Solana 1.14 is no longer supported, minimum required Solana version is 1.16.0 (#​2645).
• cli: anchor_version and solana_version property in Anchor.toml that was being used in verifiable builds are moved inside toolchain. They are now being used for all commands in the workspace, not just verifiable builds (#​2649).

v0.28.1-beta.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	None	0	1.89 MB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	258 kB	nicolo-ribaudo
npm/@coral-xyz/[email protected]	Transitive: environment, eval, filesystem, network, shell	+63	59.5 MB
npm/@freecodecamp/[email protected]	Transitive: environment, filesystem, unsafe	+96	3.24 MB	shaunshamilton
npm/@noble/[email protected]	None	0	773 kB	paulmillr
npm/[email protected]	environment, filesystem, unsafe	0	11.2 MB	prettier-bot

🚮 Removed packages: npm/@coral-xyz/[email protected], npm/@coral-xyz/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/@freecodecamp/[email protected]	Install script: postinstall Source: npm run build:client	package-lock.json package.json	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@freecodecamp/[email protected]