Vyper

Latest version: v0.4.0

Safety actively analyzes 682387 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 9

0.4.1b1

Not secure
What's Changed
* chore[docs]: add `FUNDING.json` for drips funding by benber86 in https://github.com/vyperlang/vyper/pull/4167
* chore[docs]: update `sourceMap` field descriptions by rimrakhimov in https://github.com/vyperlang/vyper/pull/4170
* chore[test]: fix a type hint by ZhipengXue97 in https://github.com/vyperlang/vyper/pull/4173
* feat[venom]: offset instruction by HodanPlodky in https://github.com/vyperlang/vyper/pull/4180
* fix[test]: fix test in grammar fuzzer by charles-cooper in https://github.com/vyperlang/vyper/pull/4150
* chore[docs]: remove experimental note for cancun by cyberthirst in https://github.com/vyperlang/vyper/pull/4183
* refactor[codegen]: remove redundant `IRnode.from_list` by trocher in https://github.com/vyperlang/vyper/pull/4151
* feat[lang]: introduce `mana` as an alias for `gas` by pcaversaccio in https://github.com/vyperlang/vyper/pull/3713
* fix[lang]: fix `.vyi` function body check by cyberthirst in https://github.com/vyperlang/vyper/pull/4177
* fix[lang]: add `raw_log()` constancy check by cyberthirst in https://github.com/vyperlang/vyper/pull/4201
* feat[lang]!: make `external` modifier optional in `.vyi` files by cyberthirst in https://github.com/vyperlang/vyper/pull/4178
* fix[codegen]: fix `abi_encode` buffer size in external calls by cyberthirst in https://github.com/vyperlang/vyper/pull/4202
* fix[lang]: fix precedence in floordiv hint by cyberthirst in https://github.com/vyperlang/vyper/pull/4203
* fix[lang]: fix panic in call cycle detection by cyberthirst in https://github.com/vyperlang/vyper/pull/4200
* fix[lang]: fix certain varinfo comparisons by charles-cooper in https://github.com/vyperlang/vyper/pull/4164
* feat[codegen]!: check `returndatasize` even when `skip_contract_check` is set by charles-cooper in https://github.com/vyperlang/vyper/pull/4148
* fix[tool]: update `InterfaceT.__str__` implementation by charles-cooper in https://github.com/vyperlang/vyper/pull/4205
* fix[tool]: fix classification of AST nodes by charles-cooper in https://github.com/vyperlang/vyper/pull/4210
* chore[tool]: update `FUNDING.json` for optimism RPGF by benber86 in https://github.com/vyperlang/vyper/pull/4218
* fix[tool]: keep `experimentalCodegen` blank in standard json input by charles-cooper in https://github.com/vyperlang/vyper/pull/4216
* feat[docs]: add bug bounty program to security policy by cyberthirst in https://github.com/vyperlang/vyper/pull/4230
* feat[ux]: move exception hint to the end of the message by cyberthirst in https://github.com/vyperlang/vyper/pull/4154
* fix[venom]: invalid jump error by HodanPlodky in https://github.com/vyperlang/vyper/pull/4214
* perf[venom]: add `OrderedSet.last()` by charles-cooper in https://github.com/vyperlang/vyper/pull/4236
* feat[venom]: improve liveness computation time by charles-cooper in https://github.com/vyperlang/vyper/pull/4086
* fix[ux]: improve error message for bad hex literals by charles-cooper in https://github.com/vyperlang/vyper/pull/4244
* feat[venom]: only stack_reorder before join points by charles-cooper in https://github.com/vyperlang/vyper/pull/4247
* perf[venom]: improve OrderedSet operations by charles-cooper in https://github.com/vyperlang/vyper/pull/4246
* fix[lang]: fix `==` and `!=` bytesM folding by trocher in https://github.com/vyperlang/vyper/pull/4254
* fix[venom]: fix invalid `phi`s after SCCP by HodanPlodky in https://github.com/vyperlang/vyper/pull/4181
* fix[venom]: clean up sccp pass by charles-cooper in https://github.com/vyperlang/vyper/pull/4261
* refactor[venom]: remove `dup_requirements` analysis by charles-cooper in https://github.com/vyperlang/vyper/pull/4262
* fix[venom]: remove duplicate volatile instructions by harkal in https://github.com/vyperlang/vyper/pull/4263
* feat[tool]: add integrity hash to initcode by charles-cooper in https://github.com/vyperlang/vyper/pull/4234
* fix[venom]: fix `_stack_reorder()` routine by HodanPlodky in https://github.com/vyperlang/vyper/pull/4220
* chore[docs]: add binary installation methods by DanielSchiavini in https://github.com/vyperlang/vyper/pull/4258
* fix[ux]: fix relpath compiler panic on windows by charles-cooper in https://github.com/vyperlang/vyper/pull/4228
* feat[venom]: store expansion pass by charles-cooper in https://github.com/vyperlang/vyper/pull/4068
* feat[lang]: use keyword arguments for event instantiation by z80dev in https://github.com/vyperlang/vyper/pull/4257
* feat[venom]: add effects to instructions by charles-cooper in https://github.com/vyperlang/vyper/pull/4264
* feat[docs]: add installation via pipx and uv by charles-cooper in https://github.com/vyperlang/vyper/pull/4274
* fix[tool]: update VarAccess pickle implementation by charles-cooper in https://github.com/vyperlang/vyper/pull/4270
* feat[venom]: add small heuristic for cleaning input stack by charles-cooper in https://github.com/vyperlang/vyper/pull/4251
* fix[venom]: promote additional memory locations to variables by harkal in https://github.com/vyperlang/vyper/pull/4039
* feat[tool]: add all imported modules to `-f annotated_ast` output by charles-cooper in https://github.com/vyperlang/vyper/pull/4209
* feat[lang]: add native hex string literals by tserg in https://github.com/vyperlang/vyper/pull/4271
* refactor[venom]: refactor module structure by charles-cooper in https://github.com/vyperlang/vyper/pull/4295
* refactor[lang]: remove translated fields for constant nodes by tserg in https://github.com/vyperlang/vyper/pull/4287
* fix[tool]: include structs in `-f interface` output by sandbubbles in https://github.com/vyperlang/vyper/pull/4294
* fix[venom]: fix unused variables pass by charles-cooper in https://github.com/vyperlang/vyper/pull/4259
* feat[tool]: separate import resolution pass by charles-cooper in https://github.com/vyperlang/vyper/pull/4229
* fix[lang]: fix recursive interface imports by charles-cooper in https://github.com/vyperlang/vyper/pull/4303
* chore[ci]: add auto-labeling workflow by cyberthirst in https://github.com/vyperlang/vyper/pull/4276
* fix[test]: fix some clamper tests by cyberthirst in https://github.com/vyperlang/vyper/pull/4300
* feat[lang]: support top level `"abi"` key in json interfaces by sandbubbles in https://github.com/vyperlang/vyper/pull/4279
* feat[lang]: support flags from imported interfaces by tserg in https://github.com/vyperlang/vyper/pull/4253
* refactor[venom]: move commutative instruction set by HodanPlodky in https://github.com/vyperlang/vyper/pull/4307
* fix[ci]: fix commithash calculation for pypi release by charles-cooper in https://github.com/vyperlang/vyper/pull/4309

New Contributors
* rimrakhimov made their first contribution in https://github.com/vyperlang/vyper/pull/4170
* ZhipengXue97 made their first contribution in https://github.com/vyperlang/vyper/pull/4173
* HodanPlodky made their first contribution in https://github.com/vyperlang/vyper/pull/4180
* sandbubbles made their first contribution in https://github.com/vyperlang/vyper/pull/4294

**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.4.0...v0.4.1b1

0.4.0

Not secure
v0.4.0 represents a major overhaul to the Vyper language. Notably, it overhauls the import system and adds support for code reuse. It also adds a new, experimental backend to Vyper which lays the foundation for improved analysis, optimization and integration with third party tools.

Breaking Changes

- feat[tool]!: make cancun the default evm version ([4029](https://github.com/vyperlang/vyper/pull/4029))
- feat[lang]: remove named reentrancy locks ([3769](https://github.com/vyperlang/vyper/pull/3769))
- feat[lang]!: change the signature of `block.prevrandao` ([3879](https://github.com/vyperlang/vyper/pull/3879))
- feat[lang]!: change ABI type of `decimal` to `int168` ([3696](https://github.com/vyperlang/vyper/pull/3696))
- feat[lang]: rename `_abi_encode` and `_abi_decode` ([4097](https://github.com/vyperlang/vyper/pull/4097))
- feat[lang]!: add feature flag for decimals ([3930](https://github.com/vyperlang/vyper/pull/3930))
- feat[lang]!: make internal decorator optional ([4040](https://github.com/vyperlang/vyper/pull/4040))
- feat[lang]: protect external calls with keyword ([2938](https://github.com/vyperlang/vyper/pull/2938))
- introduce floordiv, ban regular div for integers ([2937](https://github.com/vyperlang/vyper/pull/2937))
- feat[lang]: use keyword arguments for struct instantiation ([3777](https://github.com/vyperlang/vyper/pull/3777))
- feat: require type annotations for loop variables ([3596](https://github.com/vyperlang/vyper/pull/3596))
- feat: replace `enum` with `flag` keyword ([3697](https://github.com/vyperlang/vyper/pull/3697))
- feat: remove builtin constants ([3350](https://github.com/vyperlang/vyper/pull/3350))
- feat: drop istanbul and berlin support ([3843](https://github.com/vyperlang/vyper/pull/3843))
- feat: allow range with two arguments and bound ([3679](https://github.com/vyperlang/vyper/pull/3679))
- fix[codegen]: range bound check for signed integers ([3814](https://github.com/vyperlang/vyper/pull/3814))
- feat: default code offset = 3 ([3454](https://github.com/vyperlang/vyper/pull/3454))
- feat: rename `vyper.interfaces` to `ethereum.ercs` ([3741](https://github.com/vyperlang/vyper/pull/3741))
- chore: add prefix to ERC interfaces ([3804](https://github.com/vyperlang/vyper/pull/3804))
- chore[ux]: compute natspec as part of standard pipeline ([3946](https://github.com/vyperlang/vyper/pull/3946))
- feat: deprecate `vyper-serve` ([3666](https://github.com/vyperlang/vyper/pull/3666))

Module system

- refactor: internal handling of imports ([3655](https://github.com/vyperlang/vyper/pull/3655))
- feat: implement "stateless" modules ([3663](https://github.com/vyperlang/vyper/pull/3663))
- feat[lang]: export interfaces ([3919](https://github.com/vyperlang/vyper/pull/3919))
- feat[lang]: singleton modules with ownership hierarchy ([3729](https://github.com/vyperlang/vyper/pull/3729))
- feat[lang]: implement function exports ([3786](https://github.com/vyperlang/vyper/pull/3786))
- feat[lang]: auto-export events in ABI ([3808](https://github.com/vyperlang/vyper/pull/3808))
- fix: allow using interface defs from imported modules ([3725](https://github.com/vyperlang/vyper/pull/3725))
- feat: add support for constants in imported modules ([3726](https://github.com/vyperlang/vyper/pull/3726))
- fix[lang]: prevent modules as storage variables ([4088](https://github.com/vyperlang/vyper/pull/4088))
- fix[ux]: improve initializer hint for unimported modules ([4145](https://github.com/vyperlang/vyper/pull/4145))
- feat: add python `sys.path` to vyper path ([3763](https://github.com/vyperlang/vyper/pull/3763))
- feat[ux]: improve error message for importing ERC20 ([3816](https://github.com/vyperlang/vyper/pull/3816))
- fix[lang]: fix importing of flag types ([3871](https://github.com/vyperlang/vyper/pull/3871))
- feat: search path resolution for cli ([3694](https://github.com/vyperlang/vyper/pull/3694))
- fix[lang]: transitive exports ([3888](https://github.com/vyperlang/vyper/pull/3888))
- fix[ux]: error messages relating to initializer issues ([3831](https://github.com/vyperlang/vyper/pull/3831))
- fix[lang]: recursion in `uses` analysis for nonreentrant functions ([3971](https://github.com/vyperlang/vyper/pull/3971))
- fix[ux]: fix `uses` error message ([3926](https://github.com/vyperlang/vyper/pull/3926))
- fix[lang]: fix `uses` analysis for nonreentrant functions ([3927](https://github.com/vyperlang/vyper/pull/3927))
- fix[lang]: fix a hint in global initializer check ([4089](https://github.com/vyperlang/vyper/pull/4089))
- fix[lang]: builtin type comparisons ([3956](https://github.com/vyperlang/vyper/pull/3956))
- fix[tool]: fix `combined_json` output for CLI ([3901](https://github.com/vyperlang/vyper/pull/3901))
- fix[tool]: compile multiple files ([4053](https://github.com/vyperlang/vyper/pull/4053))
- refactor: reimplement AST folding ([3669](https://github.com/vyperlang/vyper/pull/3669))
- refactor: constant folding ([3719](https://github.com/vyperlang/vyper/pull/3719))
- fix[lang]: typecheck hashmap indexes with folding ([4007](https://github.com/vyperlang/vyper/pull/4007))
- fix[lang]: fix array index checks when the subscript is folded ([3924](https://github.com/vyperlang/vyper/pull/3924))
- fix[lang]: pure access analysis ([3895](https://github.com/vyperlang/vyper/pull/3895))

Venom

- feat: implement new IR for vyper (venom IR) ([3659](https://github.com/vyperlang/vyper/pull/3659))
- feat[ir]: add `make_ssa` pass to venom pipeline ([3825](https://github.com/vyperlang/vyper/pull/3825))
- feat[venom]: implement `mem2var` and `sccp` passes ([3941](https://github.com/vyperlang/vyper/pull/3941))
- feat[venom]: add store elimination pass ([4021](https://github.com/vyperlang/vyper/pull/4021))
- feat[venom]: add `extract_literals` pass ([4067](https://github.com/vyperlang/vyper/pull/4067))
- feat[venom]: optimize branching ([4049](https://github.com/vyperlang/vyper/pull/4049))
- feat[venom]: avoid last `swap` for commutative ops ([4048](https://github.com/vyperlang/vyper/pull/4048))
- feat[venom]: "pickaxe" stack scheduler optimization ([3951](https://github.com/vyperlang/vyper/pull/3951))
- feat[venom]: add algebraic optimization pass ([4054](https://github.com/vyperlang/vyper/pull/4054))
- feat: Implement target constrained venom jump instruction ([3687](https://github.com/vyperlang/vyper/pull/3687))
- feat: remove `deploy` instruction from venom ([3703](https://github.com/vyperlang/vyper/pull/3703))
- fix[venom]: liveness analysis in some loops ([3732](https://github.com/vyperlang/vyper/pull/3732))
- feat: add more venom instructions ([3733](https://github.com/vyperlang/vyper/pull/3733))
- refactor[venom]: use venom pass instances ([3908](https://github.com/vyperlang/vyper/pull/3908))
- refactor[venom]: refactor venom operand classes ([3915](https://github.com/vyperlang/vyper/pull/3915))
- refactor[venom]: introduce `IRContext` and `IRAnalysisCache` ([3983](https://github.com/vyperlang/vyper/pull/3983))
- feat: add utility functions to `OrderedSet` ([3833](https://github.com/vyperlang/vyper/pull/3833))
- feat[venom]: optimize `get_basic_block()` ([4002](https://github.com/vyperlang/vyper/pull/4002))
- fix[venom]: fix branch eliminator cases in sccp ([4003](https://github.com/vyperlang/vyper/pull/4003))
- fix[codegen]: same symbol jumpdest merge ([3982](https://github.com/vyperlang/vyper/pull/3982))
- fix[venom]: fix eval of `exp` in sccp ([4009](https://github.com/vyperlang/vyper/pull/4009))
- refactor[venom]: remove unused method in `make_ssa.py` ([4012](https://github.com/vyperlang/vyper/pull/4012))
- fix[venom]: fix return opcode handling in mem2var ([4011](https://github.com/vyperlang/vyper/pull/4011))
- fix[venom]: fix `cfg` output format ([4010](https://github.com/vyperlang/vyper/pull/4010))
- chore[venom]: fix output formatting of data segment in `IRContext` ([4016](https://github.com/vyperlang/vyper/pull/4016))
- feat[venom]: optimize mem2var and store/variable elimination pass sequences ([4032](https://github.com/vyperlang/vyper/pull/4032))
- fix[venom]: fix some sccp evaluations ([4028](https://github.com/vyperlang/vyper/pull/4028))
- fix[venom]: add `unique_symbols` check to venom pipeline ([4149](https://github.com/vyperlang/vyper/pull/4149))
- feat[venom]: remove redundant store elimination pass ([4036](https://github.com/vyperlang/vyper/pull/4036))
- fix[venom]: remove some dead code in `venom_to_assembly` ([4042](https://github.com/vyperlang/vyper/pull/4042))
- feat[venom]: improve unused variable removal pass ([4055](https://github.com/vyperlang/vyper/pull/4055))
- fix[venom]: remove liveness requests ([4058](https://github.com/vyperlang/vyper/pull/4058))
- fix[venom]: fix list of volatile instructions ([4065](https://github.com/vyperlang/vyper/pull/4065))
- fix[venom]: remove dominator tree invalidation for store elimination pass ([4069](https://github.com/vyperlang/vyper/pull/4069))
- fix[venom]: move loop invariant assertion to entry block ([4098](https://github.com/vyperlang/vyper/pull/4098))
- fix[venom]: clear `out_vars` during calculation ([4129](https://github.com/vyperlang/vyper/pull/4129))
- fix[venom]: alloca for default arguments ([4155](https://github.com/vyperlang/vyper/pull/4155))
- Refactor `ctx.add_instruction()` and friends ([3685](https://github.com/vyperlang/vyper/pull/3685))
- fix: type annotation of helper function ([3702](https://github.com/vyperlang/vyper/pull/3702))
- feat[ir]: emit `djump` in dense selector table ([3849](https://github.com/vyperlang/vyper/pull/3849))
- chore: move venom tests to `tests/unit/compiler` ([3684](https://github.com/vyperlang/vyper/pull/3684))

Other new features

- feat[lang]: add `blobhash()` builtin ([3962](https://github.com/vyperlang/vyper/pull/3962))
- feat[lang]: support `block.blobbasefee` ([3945](https://github.com/vyperlang/vyper/pull/3945))
- feat[lang]: add `revert_on_failure` kwarg for create builtins ([3844](https://github.com/vyperlang/vyper/pull/3844))
- feat[lang]: allow downcasting of bytestrings ([3832](https://github.com/vyperlang/vyper/pull/3832))

Docs

- chore[docs]: add docs for v0.4.0 features ([3947](https://github.com/vyperlang/vyper/pull/3947))
- chore[docs]: `implements` does not check event declarations ([4052](https://github.com/vyperlang/vyper/pull/4052))
- docs: adopt a new theme: `shibuya` ([3754](https://github.com/vyperlang/vyper/pull/3754))
- chore[docs]: add evaluation order warning for builtins ([4158](https://github.com/vyperlang/vyper/pull/4158))
- Update `FUNDING.yml` ([3636](https://github.com/vyperlang/vyper/pull/3636))
- docs: fix nit in v0.3.10 release notes ([3638](https://github.com/vyperlang/vyper/pull/3638))
- docs: add note on `pragma` parsing ([3640](https://github.com/vyperlang/vyper/pull/3640))
- docs: retire <securityvyperlang.org> ([3660](https://github.com/vyperlang/vyper/pull/3660))
- feat[docs]: add more detail to modules docs ([4087](https://github.com/vyperlang/vyper/pull/4087))
- docs: update resources section ([3656](https://github.com/vyperlang/vyper/pull/3656))
- docs: add script to help working on the compiler ([3674](https://github.com/vyperlang/vyper/pull/3674))
- docs: add warnings at the top of all example token contracts ([3676](https://github.com/vyperlang/vyper/pull/3676))
- docs: typo in `on_chain_market_maker.vy` ([3677](https://github.com/vyperlang/vyper/pull/3677))
- docs: clarify `address.codehash` for empty account ([3711](https://github.com/vyperlang/vyper/pull/3711))
- docs: indexed arguments for events are limited ([3715](https://github.com/vyperlang/vyper/pull/3715))
- docs: Fix typos ([3747](https://github.com/vyperlang/vyper/pull/3747))
- docs: Upgrade dependencies and fixes ([3745](https://github.com/vyperlang/vyper/pull/3745))
- docs: add missing cli flags ([3736](https://github.com/vyperlang/vyper/pull/3736))
- chore: fix formatting and docs for new struct instantiation syntax ([3792](https://github.com/vyperlang/vyper/pull/3792))
- docs: floordiv ([3797](https://github.com/vyperlang/vyper/pull/3797))
- docs: add missing `annotated_ast` flag ([3813](https://github.com/vyperlang/vyper/pull/3813))
- docs: update logo in readme, remove competition reference ([3837](https://github.com/vyperlang/vyper/pull/3837))
- docs: add rationale for floordiv rounding behavior ([3845](https://github.com/vyperlang/vyper/pull/3845))
- chore[docs]: amend `revert_on_failure` kwarg docs for create builtins ([3921](https://github.com/vyperlang/vyper/pull/3921))
- fix[docs]: fix clipped `endAuction` method in example section ([3969](https://github.com/vyperlang/vyper/pull/3969))
- refactor[docs]: refactor security policy ([3981](https://github.com/vyperlang/vyper/pull/3981))
- fix: edit link to style guide ([3658](https://github.com/vyperlang/vyper/pull/3658))
- Add Vyper online compiler tooling ([3680](https://github.com/vyperlang/vyper/pull/3680))
- chore: fix typos ([3749](https://github.com/vyperlang/vyper/pull/3749))

Bugfixes

- fix[codegen]: fix `raw_log()` when topics are non-literals ([3977](https://github.com/vyperlang/vyper/pull/3977))
- fix[codegen]: fix transient codegen for `slice` and `extract32` ([3874](https://github.com/vyperlang/vyper/pull/3874))
- fix[codegen]: bounds check for signed index accesses ([3817](https://github.com/vyperlang/vyper/pull/3817))
- fix: disallow `value=` passing for delegate and static `raw_call`s ([3755](https://github.com/vyperlang/vyper/pull/3755))
- fix[codegen]: fix double evals in sqrt, slice, blueprint ([3976](https://github.com/vyperlang/vyper/pull/3976))
- fix[codegen]: fix double eval in dynarray append/pop ([4030](https://github.com/vyperlang/vyper/pull/4030))
- fix[codegen]: fix double eval of start in range expr ([4033](https://github.com/vyperlang/vyper/pull/4033))
- fix[codegen]: overflow check in `slice()` ([3818](https://github.com/vyperlang/vyper/pull/3818))
- fix: concat buffer bug ([3738](https://github.com/vyperlang/vyper/pull/3738))
- fix[codegen]: fix `make_setter` overlap with internal calls ([4037](https://github.com/vyperlang/vyper/pull/4037))
- fix[codegen]: fix `make_setter` overlap in `dynarray_append` ([4059](https://github.com/vyperlang/vyper/pull/4059))
- fix[codegen]: `make_setter` overlap in the presence of `staticcall` ([4128](https://github.com/vyperlang/vyper/pull/4128))
- fix[codegen]: fix `_abi_decode` buffer overflow ([3925](https://github.com/vyperlang/vyper/pull/3925))
- fix[codegen]: zero-length dynarray `abi_decode` validation ([4060](https://github.com/vyperlang/vyper/pull/4060))
- fix[codegen]: recursive dynarray oob check ([4091](https://github.com/vyperlang/vyper/pull/4091))
- fix[codegen]: add back in `returndatasize` check ([4144](https://github.com/vyperlang/vyper/pull/4144))
- fix: block memory allocation overflow ([3639](https://github.com/vyperlang/vyper/pull/3639))
- fix[codegen]: panic on potential eval order issue for some builtins ([4157](https://github.com/vyperlang/vyper/pull/4157))
- fix[codegen]: panic on potential subscript eval order issue ([4159](https://github.com/vyperlang/vyper/pull/4159))
- add comptime check for uint2str input ([3671](https://github.com/vyperlang/vyper/pull/3671))
- fix: dead code analysis inside for loops ([3731](https://github.com/vyperlang/vyper/pull/3731))
- fix[ir]: fix a latent bug in `sha3_64` codegen ([4063](https://github.com/vyperlang/vyper/pull/4063))
- fix: `opcodes` and `opcodes_runtime` outputs ([3735](https://github.com/vyperlang/vyper/pull/3735))
- fix: bad assertion in expr.py ([3758](https://github.com/vyperlang/vyper/pull/3758))
- fix: iterator modification analysis ([3764](https://github.com/vyperlang/vyper/pull/3764))
- feat: allow constant interfaces ([3718](https://github.com/vyperlang/vyper/pull/3718))
- fix: assembly dead code eliminator ([3791](https://github.com/vyperlang/vyper/pull/3791))
- fix: prevent range over decimal ([3798](https://github.com/vyperlang/vyper/pull/3798))
- fix: mutability check for interface implements ([3805](https://github.com/vyperlang/vyper/pull/3805))
- fix[codegen]: fix non-memory reason strings ([3877](https://github.com/vyperlang/vyper/pull/3877))
- fix[ux]: fix compiler hang for large exponentiations ([3893](https://github.com/vyperlang/vyper/pull/3893))
- fix[lang]: allow type expressions inside pure functions ([3906](https://github.com/vyperlang/vyper/pull/3906))
- fix[ux]: raise `VersionException` with source info ([3920](https://github.com/vyperlang/vyper/pull/3920))
- fix[lang]: fix `pow` folding when args are not literals ([3949](https://github.com/vyperlang/vyper/pull/3949))
- fix[codegen]: fix some hardcoded references to `STORAGE` location ([4015](https://github.com/vyperlang/vyper/pull/4015))

Patched security advisories (GHSAs)

- Bounds check on built-in `slice()` function can be overflowed ([GHSA-9x7f-gwxq-6f2c](https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c))
- `concat` built-in can corrupt memory ([GHSA-2q8v-3gqq-4f8p](https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p))
- `raw_call` `value=` kwargs not disabled for static and delegate calls ([GHSA-x2c2-q32w-4w6m](https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m))
- negative array index bounds checks ([GHSA-52xq-j7v9-v4v2](https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2))
- `range(start, start + N)` reverts for negative numbers ([GHSA-ppx5-q359-pvwj](https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj))
- incorrect topic logging in `raw_log` ([GHSA-xchq-w5r3-4wg3](https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3))
- double eval of the `slice` start/length args in certain cases ([GHSA-r56x-j438-vw5m](https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m))
- multiple eval of `sqrt()` built in argument ([GHSA-5jrj-52x8-m64h](https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h))
- double eval of `raw_args` in `create_from_blueprint` ([GHSA-3whq-64q2-qfj6](https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6))
- `sha3` codegen bug ([GHSA-6845-xw22-ffxv](https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv))
- `extract32` can read dirty memory ([GHSA-4hwq-4cpm-8vmx](https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx))
- `_abi_decode` Memory Overflow ([GHSA-9p8r-4xp4-gw5w](https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w))
- External calls can overflow return data to return input buffer ([GHSA-gp3w-2v2m-p686](https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686))

Tooling

- feat[tool]: archive format ([3891](https://github.com/vyperlang/vyper/pull/3891))
- feat[tool]: add source map for constructors ([4008](https://github.com/vyperlang/vyper/pull/4008))
- feat: add short options `-v` and `-O` to the CLI ([3695](https://github.com/vyperlang/vyper/pull/3695))
- feat: Add `bb` and `bb_runtime` output options ([3700](https://github.com/vyperlang/vyper/pull/3700))
- fix: remove hex-ir from format cli options list ([3657](https://github.com/vyperlang/vyper/pull/3657))
- fix: pickleability of `CompilerData` ([3803](https://github.com/vyperlang/vyper/pull/3803))
- feat[tool]: validate AST nodes early in the pipeline ([3809](https://github.com/vyperlang/vyper/pull/3809))
- feat[tool]: delay global constraint check ([3810](https://github.com/vyperlang/vyper/pull/3810))
- feat[tool]: export variable read/write access ([3790](https://github.com/vyperlang/vyper/pull/3790))
- feat[tool]: improvements to AST annotation ([3829](https://github.com/vyperlang/vyper/pull/3829))
- feat[tool]: add `node_id` map to source map ([3811](https://github.com/vyperlang/vyper/pull/3811))
- chore[tool]: add help text for `hex-ir` CLI flag ([3942](https://github.com/vyperlang/vyper/pull/3942))
- refactor[tool]: refactor storage layout export ([3789](https://github.com/vyperlang/vyper/pull/3789))
- fix[tool]: fix cross-compilation issues, add windows CI ([4014](https://github.com/vyperlang/vyper/pull/4014))
- fix[tool]: star option in `outputSelection` ([4094](https://github.com/vyperlang/vyper/pull/4094))

Performance

- perf: lazy eval of f-strings in IRnode ctor ([3602](https://github.com/vyperlang/vyper/pull/3602))
- perf: levenshtein optimization ([3780](https://github.com/vyperlang/vyper/pull/3780))
- feat: frontend optimizations ([3781](https://github.com/vyperlang/vyper/pull/3781))
- feat: optimize `VyperNode.deepcopy` ([3784](https://github.com/vyperlang/vyper/pull/3784))
- feat: more frontend optimizations ([3785](https://github.com/vyperlang/vyper/pull/3785))
- perf: reimplement `IRnode.__deepcopy__` ([3761](https://github.com/vyperlang/vyper/pull/3761))

Testing suite improvements

- refactor[test]: bypass `eth-tester` and interface with evm backend directly ([3846](https://github.com/vyperlang/vyper/pull/3846))
- feat: Refactor `assert_tx_failed` into a context ([3706](https://github.com/vyperlang/vyper/pull/3706))
- feat[test]: implement `abi_decode` spec test ([4095](https://github.com/vyperlang/vyper/pull/4095))
- feat[test]: add more coverage to `abi_decode` fuzzer tests ([4153](https://github.com/vyperlang/vyper/pull/4153))
- feat[ci]: enable cancun testing ([3861](https://github.com/vyperlang/vyper/pull/3861))
- fix: add missing test for memory allocation overflow ([3650](https://github.com/vyperlang/vyper/pull/3650))
- chore: fix test for `slice` ([3633](https://github.com/vyperlang/vyper/pull/3633))
- add `abi_types` unit tests ([3662](https://github.com/vyperlang/vyper/pull/3662))
- refactor: test directory structure ([3664](https://github.com/vyperlang/vyper/pull/3664))
- chore: test all output formats ([3683](https://github.com/vyperlang/vyper/pull/3683))
- chore: deduplicate test files ([3773](https://github.com/vyperlang/vyper/pull/3773))
- feat[test]: add more transient storage tests ([3883](https://github.com/vyperlang/vyper/pull/3883))
- chore[ci]: fix apt-get failure in era pipeline ([3821](https://github.com/vyperlang/vyper/pull/3821))
- chore[ci]: enable python3.12 tests ([3860](https://github.com/vyperlang/vyper/pull/3860))
- chore[ci]: refactor jobs to use gh actions ([3863](https://github.com/vyperlang/vyper/pull/3863))
- chore[ci]: use `--dist worksteal` from latest `xdist` ([3869](https://github.com/vyperlang/vyper/pull/3869))
- chore: run mypy as part of lint rule in Makefile ([3771](https://github.com/vyperlang/vyper/pull/3771))
- chore[test]: always specify the evm backend ([4006](https://github.com/vyperlang/vyper/pull/4006))
- chore: update lint dependencies ([3704](https://github.com/vyperlang/vyper/pull/3704))
- chore: add color to mypy output ([3793](https://github.com/vyperlang/vyper/pull/3793))
- chore: remove tox rules for lint commands ([3826](https://github.com/vyperlang/vyper/pull/3826))
- chore[ci]: roll back GH actions/artifacts version ([3838](https://github.com/vyperlang/vyper/pull/3838))
- chore: Upgrade GitHub action dependencies ([3807](https://github.com/vyperlang/vyper/pull/3807))
- chore[ci]: pin eth-abi for decode regression ([3834](https://github.com/vyperlang/vyper/pull/3834))
- fix[ci]: release artifacts ([3839](https://github.com/vyperlang/vyper/pull/3839))
- chore[ci]: merge mypy job into lint ([3840](https://github.com/vyperlang/vyper/pull/3840))
- test: parametrize CI over EVM versions ([3842](https://github.com/vyperlang/vyper/pull/3842))
- feat[ci]: add PR title validation ([3887](https://github.com/vyperlang/vyper/pull/3887))
- fix[test]: fix failure in grammar fuzzing ([3892](https://github.com/vyperlang/vyper/pull/3892))
- feat[test]: add `xfail_strict`, clean up `setup.cfg` ([3889](https://github.com/vyperlang/vyper/pull/3889))
- fix[ci]: pin hexbytes to pre-1.0.0 ([3903](https://github.com/vyperlang/vyper/pull/3903))
- chore[test]: update hexbytes version and tests ([3904](https://github.com/vyperlang/vyper/pull/3904))
- fix[test]: fix a bad bound in decimal fuzzing ([3909](https://github.com/vyperlang/vyper/pull/3909))
- fix[test]: fix a boundary case in decimal fuzzing ([3918](https://github.com/vyperlang/vyper/pull/3918))
- feat[ci]: update pypi release pipeline to use OIDC ([3912](https://github.com/vyperlang/vyper/pull/3912))
- chore[ci]: reconfigure single commit validation ([3937](https://github.com/vyperlang/vyper/pull/3937))
- chore[ci]: downgrade codecov action to v3 ([3940](https://github.com/vyperlang/vyper/pull/3940))
- feat[ci]: add codecov configuration ([4057](https://github.com/vyperlang/vyper/pull/4057))
- feat[test]: remove memory mocker ([4005](https://github.com/vyperlang/vyper/pull/4005))
- refactor[test]: change fixture scope in examples ([3995](https://github.com/vyperlang/vyper/pull/3995))
- fix[test]: fix call graph stability fuzzer ([4064](https://github.com/vyperlang/vyper/pull/4064))
- chore[test]: add macos to test matrix ([4025](https://github.com/vyperlang/vyper/pull/4025))
- refactor[test]: change default expected exception type ([4004](https://github.com/vyperlang/vyper/pull/4004))

Misc / refactor

- feat[ir]: add `eval_once` sanity fences to more builtins ([3835](https://github.com/vyperlang/vyper/pull/3835))
- fix: reorder compilation of branches in stmt.py ([3603](https://github.com/vyperlang/vyper/pull/3603))
- refactor[codegen]: make settings into a global object ([3929](https://github.com/vyperlang/vyper/pull/3929))
- chore: improve exception handling in IR generation ([3705](https://github.com/vyperlang/vyper/pull/3705))
- refactor: merge `annotation.py` and `local.py` ([3456](https://github.com/vyperlang/vyper/pull/3456))
- chore[ux]: remove deprecated python AST classes ([3998](https://github.com/vyperlang/vyper/pull/3998))
- refactor[ux]: remove deprecated `VyperNode` properties ([3999](https://github.com/vyperlang/vyper/pull/3999))
- feat: remove Index AST node ([3757](https://github.com/vyperlang/vyper/pull/3757))
- refactor: for loop target parsing ([3724](https://github.com/vyperlang/vyper/pull/3724))
- chore: improve diagnostics for invalid for loop annotation ([3721](https://github.com/vyperlang/vyper/pull/3721))
- refactor: builtin functions inherit from `VyperType` ([3559](https://github.com/vyperlang/vyper/pull/3559))
- fix: remove .keyword from Call AST node ([3689](https://github.com/vyperlang/vyper/pull/3689))
- improvement: assert descriptions in Crowdfund finalize() and participate() ([3064](https://github.com/vyperlang/vyper/pull/3064))
- feat: improve panics in IR generation ([3708](https://github.com/vyperlang/vyper/pull/3708))
- feat: improve warnings, refactor `vyper_warn()` ([3800](https://github.com/vyperlang/vyper/pull/3800))
- fix[ir]: unique symbol name ([3848](https://github.com/vyperlang/vyper/pull/3848))
- refactor: remove duplicate terminus checking code ([3541](https://github.com/vyperlang/vyper/pull/3541))
- refactor: `ExprVisitor` type validation ([3739](https://github.com/vyperlang/vyper/pull/3739))
- chore: improve exception for type validation ([3759](https://github.com/vyperlang/vyper/pull/3759))
- fix: fuzz test not updated to use TypeMismatch ([3768](https://github.com/vyperlang/vyper/pull/3768))
- chore: fix `StringEnum._generate_next_value]()` signature ([3770](https://github.com/vyperlang/vyper/pull/3770))
- chore: improve some error messages ([3775](https://github.com/vyperlang/vyper/pull/3775))
- refactor: `get_search_paths()` for vyper cli ([3778](https://github.com/vyperlang/vyper/pull/3778))
- chore: replace occurrences of 'enum' by 'flag' ([3794](https://github.com/vyperlang/vyper/pull/3794))
- chore: add another borrowship test ([3802](https://github.com/vyperlang/vyper/pull/3802))
- chore[ux]: improve an exports error message ([3822](https://github.com/vyperlang/vyper/pull/3822))
- chore: improve codegen test coverage report ([3824](https://github.com/vyperlang/vyper/pull/3824))
- chore: improve syntax error messages ([3885](https://github.com/vyperlang/vyper/pull/3885))
- chore[tool]: remove `vyper-serve` from `setup.py` ([3936](https://github.com/vyperlang/vyper/pull/3936))
- fix[ux]: replace standard strings with f-strings ([3953](https://github.com/vyperlang/vyper/pull/3953))
- chore[ir]: sanity check types in for range codegen ([3968](https://github.com/vyperlang/vyper/pull/3968))

New Contributors
* engn33r made their first contribution in https://github.com/vyperlang/vyper/pull/3658
* iFrostizz made their first contribution in https://github.com/vyperlang/vyper/pull/3662
* harkal made their first contribution in https://github.com/vyperlang/vyper/pull/3659
* DanielSchiavini made their first contribution in https://github.com/vyperlang/vyper/pull/3704
* AlbertoCentonze made their first contribution in https://github.com/vyperlang/vyper/pull/3697
* f3rmion made their first contribution in https://github.com/vyperlang/vyper/pull/3715
* 0x0077 made their first contribution in https://github.com/vyperlang/vyper/pull/3680
* Thabokani made their first contribution in https://github.com/vyperlang/vyper/pull/3749
* BoboTiG made their first contribution in https://github.com/vyperlang/vyper/pull/3747
* cyberthirst made their first contribution in https://github.com/vyperlang/vyper/pull/3871
* MoigeMatino made their first contribution in https://github.com/vyperlang/vyper/pull/3936
* wellweek made their first contribution in https://github.com/vyperlang/vyper/pull/3855
* electriclilies made their first contribution in https://github.com/vyperlang/vyper/pull/3969

**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.3.10...v0.4.0

0.4.0rc6

Not secure
What's Changed
* fix[codegen]: fix double evals in sqrt, slice, blueprint by cyberthirst in https://github.com/vyperlang/vyper/pull/3976
* fix[codegen]: fix double eval in dynarray append/pop by charles-cooper in https://github.com/vyperlang/vyper/pull/4030
* feat[venom]: optimize mem2var and store/variable elimination pass sequences by harkal in https://github.com/vyperlang/vyper/pull/4032
* fix[venom]: fix some sccp evaluations by charles-cooper in https://github.com/vyperlang/vyper/pull/4028
* feat[venom]: "pickaxe" stack scheduler optimization by charles-cooper in https://github.com/vyperlang/vyper/pull/3951
* fix[codegen]: fix some hardcoded references to `STORAGE` location by cyberthirst in https://github.com/vyperlang/vyper/pull/4015
* feat[venom]: remove redundant store elimination pass by charles-cooper in https://github.com/vyperlang/vyper/pull/4036
* fix[venom]: remove some dead code in `venom_to_assembly` by charles-cooper in https://github.com/vyperlang/vyper/pull/4042
* fix[codegen]: fix double eval of start in range expr by cyberthirst in https://github.com/vyperlang/vyper/pull/4033
* chore[docs]: `implements` does not check event declarations by pcaversaccio in https://github.com/vyperlang/vyper/pull/4052
* feat[lang]!: make internal decorator optional by charles-cooper in https://github.com/vyperlang/vyper/pull/4040
* fix[codegen]: fix `make_setter` overlap with internal calls by charles-cooper in https://github.com/vyperlang/vyper/pull/4037
* feat[venom]: improve unused variable removal pass by harkal in https://github.com/vyperlang/vyper/pull/4055
* refactor[tool]: refactor storage layout export by charles-cooper in https://github.com/vyperlang/vyper/pull/3789
* feat[venom]: optimize branching by harkal in https://github.com/vyperlang/vyper/pull/4049
* feat[ci]: add codecov configuration by charles-cooper in https://github.com/vyperlang/vyper/pull/4057
* feat[venom]: avoid last `swap` for commutative ops by harkal in https://github.com/vyperlang/vyper/pull/4048
* fix[tool]: compile multiple files by charles-cooper in https://github.com/vyperlang/vyper/pull/4053
* chore[docs]: add docs for v0.4.0 features by charles-cooper in https://github.com/vyperlang/vyper/pull/3947
* fix[codegen]: fix `_abi_decode` buffer overflow by cyberthirst in https://github.com/vyperlang/vyper/pull/3925
* fix[test]: fix call graph stability fuzzer by charles-cooper in https://github.com/vyperlang/vyper/pull/4064
* fix[venom]: remove liveness requests by harkal in https://github.com/vyperlang/vyper/pull/4058
* feat[venom]: add algebraic optimization pass by harkal in https://github.com/vyperlang/vyper/pull/4054
* fix[ir]: fix a latent bug in `sha3_64` codegen by charles-cooper in https://github.com/vyperlang/vyper/pull/4063
* fix[codegen]: fix `make_setter` overlap in `dynarray_append` by charles-cooper in https://github.com/vyperlang/vyper/pull/4059
* fix[venom]: fix list of volatile instructions by charles-cooper in https://github.com/vyperlang/vyper/pull/4065


**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.4.0rc5...v0.4.0rc6

0.4.0rc5

Not secure
What's Changed
* chore[ir]: sanity check types in for range codegen by charles-cooper in https://github.com/vyperlang/vyper/pull/3968
* feat[tool]!: make cancun the default evm version by charles-cooper in https://github.com/vyperlang/vyper/pull/4029


**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.4.0rc4...v0.4.0rc5

0.4.0rc4

Not secure
What's Changed
* refactor[venom]: remove unused method in `make_ssa.py` by harkal in https://github.com/vyperlang/vyper/pull/4012
* fix[venom]: fix return opcode handling in mem2var by harkal in https://github.com/vyperlang/vyper/pull/4011
* feat[tool]: add source map for constructors by tserg in https://github.com/vyperlang/vyper/pull/4008
* fix[lang]: recursion in `uses` analysis for nonreentrant functions by charles-cooper in https://github.com/vyperlang/vyper/pull/3971
* fix[lang]: typecheck hashmap indexes with folding by DanielSchiavini in https://github.com/vyperlang/vyper/pull/4007
* fix[venom]: fix `cfg` output format by harkal in https://github.com/vyperlang/vyper/pull/4010
* fix[codegen]: fix `raw_log()` when topics are non-literals by cyberthirst in https://github.com/vyperlang/vyper/pull/3977
* chore[venom]: fix output formatting of data segment in `IRContext` by harkal in https://github.com/vyperlang/vyper/pull/4016
* feat[venom]: add store elimination pass by harkal in https://github.com/vyperlang/vyper/pull/4021
* fix[tool]: fix cross-compilation issues, add windows CI by charles-cooper in https://github.com/vyperlang/vyper/pull/4014
* chore[test]: add macos to test matrix by DanielSchiavini in https://github.com/vyperlang/vyper/pull/4025


**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.4.0rc3...v0.4.0rc4

0.4.0rc3

Not secure
What's Changed
* chore[ux]: compute natspec as part of standard pipeline by charles-cooper in https://github.com/vyperlang/vyper/pull/3946
* chore[tool]: add help text for `hex-ir` CLI flag by antazoey in https://github.com/vyperlang/vyper/pull/3942
* fix[ux]: replace standard strings with f-strings by trocher in https://github.com/vyperlang/vyper/pull/3953
* fix[lang]: builtin type comparisons by charles-cooper in https://github.com/vyperlang/vyper/pull/3956
* fix[lang]: fix `pow` folding when args are not literals by charles-cooper in https://github.com/vyperlang/vyper/pull/3949
* chore[docs]: fix some typos by wellweek in https://github.com/vyperlang/vyper/pull/3855
* feat[lang]: support `block.blobbasefee` by tserg in https://github.com/vyperlang/vyper/pull/3945
* fix[docs]: fix clipped `endAuction` method in example section by electriclilies in https://github.com/vyperlang/vyper/pull/3969
* feat[venom]: implement `mem2var` and `sccp` passes by harkal in https://github.com/vyperlang/vyper/pull/3941
* chore[ci]: downgrade codecov action to v3 by charles-cooper in https://github.com/vyperlang/vyper/pull/3940
* refactor[docs]: refactor security policy by cyberthirst in https://github.com/vyperlang/vyper/pull/3981
* fix[codegen]: same symbol jumpdest merge by harkal in https://github.com/vyperlang/vyper/pull/3982
* refactor[test]: bypass `eth-tester` and interface with evm backend directly by DanielSchiavini in https://github.com/vyperlang/vyper/pull/3846
* feat[lang]: add `blobhash()` builtin by pcaversaccio in https://github.com/vyperlang/vyper/pull/3962
* refactor[venom]: introduce `IRContext` and `IRAnalysisCache` by harkal in https://github.com/vyperlang/vyper/pull/3983
* feat[test]: remove memory mocker by charles-cooper in https://github.com/vyperlang/vyper/pull/4005
* chore[test]: always specify the evm backend by DanielSchiavini in https://github.com/vyperlang/vyper/pull/4006
* refactor[test]: change default expected exception type by DanielSchiavini in https://github.com/vyperlang/vyper/pull/4004
* chore[ux]: remove deprecated python AST classes by tserg in https://github.com/vyperlang/vyper/pull/3998
* refactor[ux]: remove deprecated `VyperNode` properties by tserg in https://github.com/vyperlang/vyper/pull/3999
* refactor[test]: change fixture scope in examples by charles-cooper in https://github.com/vyperlang/vyper/pull/3995
* feat[tool]: archive format by charles-cooper in https://github.com/vyperlang/vyper/pull/3891
* feat[venom]: optimize `get_basic_block()` by charles-cooper in https://github.com/vyperlang/vyper/pull/4002
* fix[venom]: fix branch eliminator cases in sccp by charles-cooper in https://github.com/vyperlang/vyper/pull/4003
* fix[venom]: fix eval of `exp` in sccp by charles-cooper in https://github.com/vyperlang/vyper/pull/4009

New Contributors
* wellweek made their first contribution in https://github.com/vyperlang/vyper/pull/3855
* electriclilies made their first contribution in https://github.com/vyperlang/vyper/pull/3969

**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.4.0rc2...v0.4.0rc3

Page 1 of 9

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.