Releases: onflow/atree
Release list
v0.16.1
What's Changed
- onflow/atree-internal#20
- onflow/atree-internal#21
- onflow/atree-internal#23
- onflow/atree-internal#24
- onflow/atree-internal#25
- docs: add TL;DR, FAQ, and GEO enhancements for discoverability by @Aliserag in #657
- docs: add AGENTS.md by @Aliserag in #658
New Contributors
Full Changelog: v0.16.0...v0.16.1
v0.16.0
This release focused on reviewing, documenting, and refactoring code to proactively reduce false-positive security bug reports we are likely to receive in the future. There is more potential for reviewing and refactoring, but we wanted to release worthwhile improvements now.
The most notable changes are:
- The
NewStorableSlab()function has one more parameterstorableSizethat is used by other code in this release.. - The
NewStorableSlabfunction enforces a limit of ~4.2 GB for a single StorableSlab (for perspective, the largest is 7.3 MB on mainnet and regular slabs have a median size of than 1 KB). See details.
We thank @fxamacker for all her great efforts! 🙇
What's Changed
- Remove unused function in storage.go by @fxamacker in #646
- Refactor and fix several issues by @fxamacker in #647
- Add slab size overflow guard during decoding by @fxamacker in #648
- Add more defensive checks when decoding data by @fxamacker in #649
- Document code that is underflow/overflow safe by @fxamacker in #650
- Add maxThreshold to enforce size invariants by @fxamacker in #651
- Document encoding code that is truncation safe to prevent security bug reports by @fxamacker in #652
- Document more code that is underflow/overflow safe to prevent false-positive security reports by @fxamacker in #653
- Limit storable size in NewStorableSlab() by @fxamacker in #654
Full Changelog: v0.15.0...v0.16.0
v0.15.0
What's Changed
This release uses the latest stream-mode branch of fxamacker/cbor. For more details, see (cbor v2.9.1 release notes).
- Use latest stream-mode branch of fxamacker/cbor by @fxamacker in #644
- Call StoreSlab() for coding style consistency by @fxamacker in #645
Dependabot
🔎 Details...
- Bump github/codeql-action from 4.32.6 to 4.34.1 by @dependabot[bot] in #639
- Bump codecov/codecov-action from 5.5.2 to 6.0.0 by @dependabot[bot] in #640
- Bump github/codeql-action from 4.34.1 to 4.35.0 by @dependabot[bot] in #641
- Bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #642
- Bump github/codeql-action from 4.35.0 to 4.35.1 by @dependabot[bot] in #643
Full Changelog: v0.14.0...v0.15.0
v0.14.0
This release allows client software to copy arrays and maps up to 2x faster using half the memory allocations. Optimized functions added in this release can benefit EVM, FVM, and FCM.
For example, the open yield vault transaction indirectly uses Cadence's Transfer() about 2900 times. More than 1800 of those 2900 Transfer() calls can use the new optimized functions added to Atree.
Specifically, cadence.ArrayValue.Transfer() using the new atree.Array.CopyNonRefSimple() is 2x faster and uses half as many memory allocations for byte arrays. Enums are copied about 1.5x faster.
The new functions provided by this release are:
Array.CopyNonRefSimple()Array.CanCopyNonRefSimple()OrderedMap.CopyNonRefSimple()OrderedMap.CanCopyNonRefSimple()
What's Changed
- Add support for faster copying of array and map by @fxamacker in #633
- Implement Iterator interfaces for LoadedValueIterator by @fxamacker in #635
CI / GitHub Actions and Chores
🔎 Details...
- Bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in #631
- Bump github/codeql-action from 4.32.5 to 4.32.6 by @dependabot[bot] in #634
Full Changelog: v0.13.0...v0.14.0
v0.13.0
This release adds two functions that can speedup array conversions by 13.7x with 8x less memory use. For example, cadence.ByteArrayValueToByteSlice() using the new atree.ByteArrayToByteSlice() is:
- 13.7 times faster 🚀
- 8 times less memory use (bytes/op)
- 8 times fewer memory allocations (allocs/op)
Array conversions currently done in onflow/cadence can be optimized by using these new functions from atree:
atree.ByteArrayToByteSlice()atree.ByteSliceToByteArray()
What's Changed
- Add two new functions to optimize atree array and Go []byte conversions by @fxamacker in #629
Atree Security Policy
The guidelines in Atree Security Policy is updated based on experience with the bug bounties since October 2025.
- Add more guidelines for security disclosures by @fxamacker in #592
- Add "Flow Rewards" section to Atree Security Policy by @fxamacker in #620
CI / GitHub Actions and Chores
🔎 Details...
- Bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #605
- Bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in #606
- Bump github/codeql-action from 4.31.3 to 4.31.4 by @dependabot[bot] in #607
- Bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #609
- Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #608
- Bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in #610
- Bump github/codeql-action from 4.31.5 to 4.31.6 by @dependabot[bot] in #612
- Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #613
- Bump github/codeql-action from 4.31.6 to 4.31.7 by @dependabot[bot] in #614
- Bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot[bot] in #615
- Bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in #616
- Bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #617
- Bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #618
- Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #619
- Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #621
- Bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #622
- Bump github/codeql-action from 4.31.11 to 4.32.0 by @dependabot[bot] in #623
- Bump github/codeql-action from 4.32.0 to 4.32.1 by @dependabot[bot] in #625
- Bump github/codeql-action from 4.32.1 to 4.32.2 by @dependabot[bot] in #626
- Bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #627
- Bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #628
- Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #630
- Port v0.12.1 to main by @turbolent in #624 (this is https://github.com/onflow/atree-internal/pull/17 by @fxamacker)
Thanks @turbolent for porting v0.12.1 to main branch!
Full Changelog: v0.12.0...v0.13.0
v0.12.1
This release adds a defensive check to prevent inserting a new element if the array already has MaxUInt32 (4.29+ billion) number of elements. In practice, arrays that need to reach 4 billion elements would require minimum of 4+ GB storage, so they would have run into some limits already enforced by client software (e.g., onflow/cadence and onflow/flow-go).
Please refer to Atree's Security Policy for more details:
Security reports should not evaluate Atree as a standalone component, because Atree relies on some limits and security guarantees provided by other components, i.e. in the Cadence programming language and the Flow node software.
Changes
- PR #624 ports onflow/atree-internal#17 created by @fxamacker
Full Changelog: v0.12.0...v0.12.1
v0.12.0
What's Changed
There are no changes that affect behavior on testnet or mainnet.
- Change slab size related variables from uint64 to uint32 by @fxamacker in #586
- Bump Go and linter versions and update the code by @fxamacker in #582
- Bump fxamacker/cbor to feature/stream-mode based on v2.9.0 by @fxamacker in #590
- Update "Guidelines for Responsible Disclosure" in SECURITY.md by @fxamacker in #589
- Remove unused storage function FixLoadedBrokenReferences by @fxamacker in #588
- Add parallelism to tests to reduce atree test duration (64m -> 31m) by @fxamacker in #584
CI / GitHub Actions and Docs
🔎 Details...
- Bump github/codeql-action from 3.30.6 to 4.30.7 by @dependabot[bot] in #581
- Bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in #585
- Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #591
- Bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #593
- Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #594
Full Changelog: v0.11.0...v0.12.0
v0.11.0
What's Changed
There are no changes that affect behavior on testnet or mainnet.
This release focused on two features that are currently only used for debugging client software:
- Add support for iterating over map data slab elements by @turbolent in #577
- Return more data from String() for debugging by @fxamacker in #560
CI / GitHub Actions and Docs
🔎 Details...
- Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #568
- Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #569
- Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #571
- Bump github/codeql-action from 3.29.11 to 3.30.1 by @dependabot[bot] in #572
- Bump codecov/codecov-action from 5.5.0 to 5.5.1 by @dependabot[bot] in #573
- chore: fix some typos in comments by @fengyuchuanshen in #575
- Bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #576
- Bump github/codeql-action from 3.30.3 to 3.30.4 by @dependabot[bot] in #578
- Bump github/codeql-action from 3.30.4 to 3.30.5 by @dependabot[bot] in #579
- Bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #580
New Contributors
- @fengyuchuanshen made their first contribution in #575
Full Changelog: v0.10.1...v0.11.0
v0.10.1
What's Changed
This release is to bump lukechampine.com/blake3 from 1.4.0 to 1.4.1 because 1.4.0 was retraced by the author. However, lukechampine.com/blake3 is only by unit tests so this doesn't change anything.
The only other change outside of CI is effectively a lint (no change in behavior of the code):
- Refactor to modernize and reduce code by @fxamacker in #557
CI / GitHub Actions
🔎 Details...
- Bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in #545
- Bump codecov/codecov-action from 5.4.0 to 5.4.2 by @dependabot[bot] in #546
- Bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #547
- Bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #548
- Bump lukechampine.com/blake3 from 1.4.0 to 1.4.1 by @dependabot[bot] in #549
- Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in #550
- Bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot[bot] in #551
- Bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #552
- Bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in #553
- Bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot[bot] in #554
- Bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #555
- Bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #556
- Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #559
- Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #561
- Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #562
- Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #563
- Bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #564
- Bump github/codeql-action from 3.29.9 to 3.29.10 by @dependabot[bot] in #565
- Bump codecov/codecov-action from 5.4.3 to 5.5.0 by @dependabot[bot] in #566
- Bump github/codeql-action from 3.29.10 to 3.29.11 by @dependabot[bot] in #567
Full Changelog: v0.10.0...v0.10.1
v0.10.0
Atree v0.10.0 was refactored to reduce tech debt and it uses the updated features/stream-mode branch of fxamacker/cbor v2.8.
Notable issues resolved:
- #464 Refactor and reduce technical debt. This helps us add new features, maintain, and optimize (e.g., Lazy Decoding).
- #539 and flow-go#7221 Update to newer
feature/stream-modebranch in fxamacker/cbor from 2.4 to 2.8. This resolves build issue for external projects that depend on fxamacker/cbor 2.5 or newer versions.
Other changes needed by this release are at fxamacker/cbor:
- PR fxamacker/cbor#640 update branch v2.4->v2.7 (+15,260 −4,371)
- PR fxamacker/cbor#650 update branch v2.7->v2.8 (+2,328 −952)
What's Changed
Upgrade to fxamacker/cbor v2.8
- Bump fxamacker/cbor to latest feature/stream-mode by @fxamacker in #542
We ran extensive tests to check backward compatibility, etc. #539 (comment) before merging the version bump to main branches.
Refactor to reduce tech debt
- Remove old test files by @fxamacker in #475
- Rename and export
SlabIDLengthand related constants by @fxamacker in #478 - Replace SlabID{...} with NewSlabID() in tests by @fxamacker in #479
- Use NewDefaultDigesterBuilder() in tests by @fxamacker in #480
- Export PersistentSlabStorage funcs in export_test.go by @fxamacker in #481
- Avoid using unexported
SlabIDfields in tests by @fxamacker in #484 - Avoid creating ArrayDataSlab directly in tests by @fxamacker in #490
- Avoid using unexported
OrderedMapfields in tests by @fxamacker in #489 - Avoid using unexported
Arrayfields in tests by @fxamacker in #488 - Avoid using unexported constants in tests by @fxamacker in #485
- Avoid creating ArrayMetaDataSlab directly in tests by @fxamacker in #495
- Avoid using MapDataSlab & MapMetaDataSlab in tests by @fxamacker in #497
- Rename vars to reduce confusion (sizes vs counts) by @fxamacker in #498
- Avoid using unexported
mutableValueNotifierin tests by @fxamacker in #499 - Use helper functions to compute array sizes in tests by @fxamacker in #500
- Use helper funcs to compute map byte sizes in tests by @fxamacker in #501
- Decouple non-test and test code by @fxamacker in #503
- Move test util funcs to test_utils package for reuse by smoke tests by @fxamacker in #504
- Rename cmd/stress to cmd/smoke (it only contains smoke tests) by @fxamacker in #505
- Refactor smoke test to reduce duplicate code by @fxamacker in #506
- Split array.go into smaller files and group related functions by @fxamacker in #508
- Split map.go into smaller files and group related functions by @fxamacker in #509
- Split storable.go & typeinfo.go into smaller files by @fxamacker in #510
- Split storage.go into smaller files by @fxamacker in #511
- Replace
panic("not reachable")withpanic(NewUnreachableError())by @turbolent in #512 - Split array_debug.go and map_debug.go into smaller files by @fxamacker in #513
- Replace empty interface with
anyby @fxamacker in #514 - Refactor array test & validation code to use range loops by @fxamacker in #515
- Improve consistency of variable names in array tests by @fxamacker in #516
- Refactor map tests & validation to use range loops by @fxamacker in #519
- Improve consistency of variable names in map tests by @fxamacker in #520
- Refactor non-test code to use range loops by @fxamacker in #521
- Fix some misspelled words in docs/comments by @leopardracer in #529
- Simplify and lint test code to improve maintainability and fix flakey test by @fxamacker in #522
- Use go1.21 slices package functions in tests by @fxamacker in #524
- Refactor to simplify merging child slabs in array by @fxamacker in #525
- Refactor to simplify rebalancing child slabs in array by @fxamacker in #526
- Refactor to simplify merging child slabs in map by @fxamacker in #527
- Refactor to simplify rebalancing child slabs in map by @fxamacker in #528
- Refactor ArrayMetaDataSlab.SplitChildSlab() to improve readability by @fxamacker in #530
- Use go1.21 slices package in array by @fxamacker in #531
- Use go1.21 slices package in map by @fxamacker in #532
- Use go1.21 clear() instead of loops to clear elements by @fxamacker in #533
- Simplify slab operations and reduce risks such as memory leaks, etc. by @fxamacker in #534
- Fix smoke test memory usage by @fxamacker in #536
Other Changes
- Bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in #473
- Bump codecov/codecov-action from 5.1.2 to 5.3.1 by @dependabot in #487
- Bump github/codeql-action from 3.27.9 to 3.28.8 by @dependabot in #494
- Bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in #502
- Bump to Go 1.23 and golangci-lint 1.63.4 by @fxamacker in #507
- Bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot in #517
- Bump lukechampine.com/blake3 from 1.3.0 to 1.4.0 by @dependabot in #518
- Bump codecov/codecov-action from 5.3.1 to 5.4.0 by @dependabot in #523
- Bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot in #537
- Bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #540
- Bump github/codeql-action from 3.28.11 to 3.28.12 by @dependabot in #541
- Bump github/codeql-action from 3.28.12 to 3.28.13 by @dependabot in #543
New Contributors
- @leopardracer made their first contribution in #529
Full Changelog: v0.9.0...v0.10.0