Skip to content

chore(deps): bump @provablehq/aleo-wallet-adaptor-core from 0.3.0-alpha.3 to 1.0.0#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/provablehq/aleo-wallet-adaptor-core-1.0.0
Open

chore(deps): bump @provablehq/aleo-wallet-adaptor-core from 0.3.0-alpha.3 to 1.0.0#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/provablehq/aleo-wallet-adaptor-core-1.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown

Bumps @provablehq/aleo-wallet-adaptor-core from 0.3.0-alpha.3 to 1.0.0.

Changelog

Sourced from @​provablehq/aleo-wallet-adaptor-core's changelog.

1.0.0

Major Changes

  • Release v1.0.0 — stable release of the Aleo wallet adapter toolkit

    Key additions since the last stable release:

    • Extension detection + account change events — adapters now detect wallet extension presence without requiring a connect, and surface account-change events in real time
    • Shield wallet support — full adapter implementation for Shield wallet including updated icon and styling
    • Dynamic dispatch importsexecuteTransaction now supports specifying imported program names for dynamic dispatch calls
    • Wallet-specified inputsTransactionOptions.inputs accepts InputRequest objects alongside literal strings; dapps can ask the wallet to fill in the active address or auto-select an owned record, with per-connection permission grants via ConnectOptions (recordAccess, readAddress)
    • Derived inputs — new type: "derived" InputRequest variant lets the wallet evaluate a named cryptographic algorithm (e.g. program-scoped blinding factor / blinded address) over wallet-internal state and inject the result into a transaction slot, with explicit per-site authorization in ConnectOptions.algorithmsAllowed
    • Algorithms discoveryalgorithmsSupported() adapter method lets dapps enumerate wallet-implemented algorithms before connecting

Minor Changes

  • 826be81: Support to Dynamic Dispatch imports on executeTransaction

  • a5d741c: Add type: "derived" InputRequest for wallet-evaluated cryptographic algorithms

    A new InputRequest variant lets a dapp ask the wallet to compute a value by running a named cryptographic algorithm over the wallet's own state (view key, wallet-maintained counters, etc.) plus dapp-supplied args, and substitute the result into a transaction input slot. The dapp never observes the wallet-side inputs — only the output.

    Strictly opt-in: a new algorithmsAllowed?: AlgorithmGrant[] field on ConnectOptions authorizes derived inputs at exact (algorithm, program, function, inputPosition) call sites. All four fields are required and exact-match; there is no broad default. The wallet refuses every derived request whose tuple is not present.

    A new adapter method algorithmsSupported(): Promise<string[]> lets a dapp discover which algorithms a wallet implements before populating algorithmsAllowed. Wallets without derived-input support return [] (the base implementation's default).

    Derived-input args are a general Record<string, AlgorithmArg> map; AlgorithmArg.type is ArgType = LiteralType | "string" (the "string" widening carries non-Aleo-literal args). ALGORITHM_SCHEMAS declares each arg's type plus optional possibleValues/optional. AlgorithmGrant gains an optional generic argConstraints?: Record<string, string[] | "any"> to pin per-arg values at connect time.

    Inaugural algorithms (program-scoped blinding, two-stage): program-scoped-blinding-factor (output field) and program-scoped-blinded-address (output address), filling a private blinding_factor and a public blinded_address input from the same wallet-maintained counter. Shared args: mode ("issue" advances the counter for a swap; "resolve" reuses a past counter for a claim, selected by the public targetAddress — the counter never leaves the wallet), membershipProgram/membershipMapping (where the wallet probes used-address state), and targetAddress (resolve only).

    The <AleoWalletProvider> React component accepts a new optional algorithmsAllowed prop and forwards it on connect; the useWallet() context exposes algorithmsSupported. Existing usages without these are unaffected.

    See docs/adapter-privacy-extension.md § "Derived inputs" for the full spec, and docs/dapp-privacy-quickstart.md for an implementor's guide.

  • a2257e9: Minor UI fixes

  • 2012049: Extension detection + account change event

  • 53ae5f0: Adds support to Shield wallet on the wallet adaptor

  • fa653fe: Add wallet-specified input requests and structured permission grants

    TransactionOptions.inputs is now TransactionInput[] (= (string | InputRequest)[]). Dapps can place an InputRequest in any slot to ask the wallet to fill in the active address or auto-select an owned record matching dapp-supplied filters. Passing literal string[] continues to work — string is a subtype of TransactionInput.

    Adapters that do not yet implement fulfillment (leo, fox, soter, puzzle) throw WalletInputRequestNotSupportedError when an InputRequest is encountered. Shield forwards inputs to the extension, which is expected to support them.

    connect() accepts a new optional options?: ConnectOptions parameter carrying recordAccess and readAddress. When readAddress: false, the toolkit short-circuits decrypt, requestRecords, transitionViewKeys, and requestTransactionHistory with WalletAddressWithheldError. Connections with readAddress: false are only valid alongside decryptPermission: NoDecrypt. Adapters other than shield throw WalletConnectOptionsNotSupportedError when these options are set.

    The <AleoWalletProvider> React component accepts new props recordAccess and readAddress and forwards them on connect. Existing usages without these props are unaffected.

    If your code reads TransactionOptions.inputs[i] as a string, narrow with typeof i === 'string' (or use the exported isLiteralInput type guard) before passing it to a string-typed API.

Patch Changes

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@provablehq/aleo-wallet-adaptor-core](https://github.com/ProvableHQ/aleo-dev-toolkit/tree/HEAD/packages/aleo-wallet-adaptor/core) from 0.3.0-alpha.3 to 1.0.0.
- [Changelog](https://github.com/ProvableHQ/aleo-dev-toolkit/blob/master/packages/aleo-wallet-adaptor/core/CHANGELOG.md)
- [Commits](https://github.com/ProvableHQ/aleo-dev-toolkit/commits/HEAD/packages/aleo-wallet-adaptor/core)

---
updated-dependencies:
- dependency-name: "@provablehq/aleo-wallet-adaptor-core"
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
earlynotwrong Ready Ready Preview, Comment Jul 7, 2026 11:33pm

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednpm/​@​provablehq/​aleo-wallet-adaptor-core@​1.0.077100819470

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants