Skip to content

Commit 021c88d

Browse files
authored
Merge branch 'main' into mraszyk/max-wasm-memory-threshold
2 parents 8369da4 + 9460269 commit 021c88d

13 files changed

Lines changed: 387 additions & 103 deletions

File tree

.sources/VERSIONS

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -57,9 +57,9 @@ chain-fusion-signer v0.4.0
5757
papi v0.1.1 168bc9d
5858
ic-pub-key v1.0.1 f89fa55
5959
icp-cli v1.0.0 9eed60c
60-
motoko v1.9.0 e7c78d7
60+
motoko v1.11.0 c3a6eb3
6161
motoko-core v2.4.0 cd37dbf
6262
cdk-rs ic-cdk v0.20.1 / ic-cdk-timers v1.0.0 / ic-cdk-executor v2.0.0 317f55c
6363
candid 2025-12-18 # candid v0.10.20, didc v0.5.4 2e4a2cf
6464
response-verification v3.1.0 18c5a37
65-
internetidentity release-2026-06-15 1f4104b5
65+
internetidentity release-2026-06-29 5fe49cfd

.sources/internetidentity

Submodule internetidentity updated 223 files

.sources/motoko

Submodule motoko updated 276 files

docs/guides/governance/managing.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,12 @@ type NervousSystemParameters = record {
121121
};
122122
```
123123

124+
:::caution[Changing the SNS token transfer fee]
125+
Do not use `ManageNervousSystemParameters.transaction_fee_e8s` to change the SNS token transfer fee. This field updates only Governance's stored parameter, not the SNS ledger canister. Worse, because Governance uses this stored value as the fee for its own neuron-operation transfers (disbursing, splitting, staking maturity, and so on), setting it to a value that differs from the ledger's actual fee will cause those transfers to be rejected by the ledger (`BadFee`), breaking neuron operations.
126+
127+
To change the actual ledger transfer fee, submit a [`ManageLedgerParameters`](#manageledgerparameters) proposal with `transfer_fee` set. On successful execution, the ledger fee is updated and Governance's `transaction_fee_e8s` is synced to the same value automatically.
128+
:::
129+
124130
For a description of each parameter and its effect, see the [SNS settings reference](../../references/sns-settings.md).
125131

126132
### ManageSnsMetadata
@@ -155,6 +161,8 @@ quill send message.json
155161

156162
Updates ledger parameters: transfer fee, token name, token symbol, or token logo. Fields set to `null` remain unchanged.
157163

164+
Use `transfer_fee` here to change the SNS token transfer fee; this is the only proposal that updates the actual fee charged by the ledger. On successful execution, it also syncs Governance's `NervousSystemParameters.transaction_fee_e8s` to the same value, so a separate `ManageNervousSystemParameters` proposal is not needed.
165+
158166
```bash
159167
quill sns \
160168
make-proposal $PROPOSAL_NEURON_ID \

docs/languages/motoko/reference/changelog.md

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,50 @@ sidebar:
88

99
# Motoko compiler changelog
1010

11+
## 1.11.0 (2026-06-29)
12+
13+
* motoko (`moc`)
14+
15+
* feat: `moc` now emits the standardized `target_features` Wasm custom section, so `binaryen`-based tools (`wasm-opt`, `ic-wasm optimize`, `dfx`'s `optimize`) accept and optimize Motoko output without per-tool feature flags. Previously these tools defaulted to MVP and rejected the `multivalue`/`bulk-memory`/`memory64` features moc relies on (#6214).
16+
17+
* feat: a `Float32` literal written with more precision than the type can hold now warns (M0266), suggesting the shortest equivalent: e.g. `0.123456789 : Float32``0.12345679`. The surplus digits were already silently discarded by rounding; the warning fires only on genuine excess (minimal literals like `0.1`/`3.14` stay quiet) (#6198).
18+
19+
* feat: allow requiring `system` capability for `mixin` definitions (#6211).
20+
This makes the capability available in initializers and the `mixin` body.
21+
`<system>` then needs to appear on the corresponding `include`.
22+
23+
* feat: allow effectful code in transient `let`s and in `actor`/`mixin` bodies with `--enhanced-migration` (#6191).
24+
25+
* bugfix: `--enhanced-migration` now also applies to `mixin`s and considers their stable fields when checking migrations (#6183).
26+
27+
## 1.10.1 (2026-06-24)
28+
29+
* motoko (`moc`)
30+
31+
* bugfix: M0223 ("redundant type instantiation") and M0237 ("implicit argument can be omitted") no longer emit suggestions that are individually valid but break compilation when applied together. In nested calls where an inner instantiation or implicit is only inferable thanks to an outer one (e.g. `List.fromArray(Array.tabulate(...))`), only a jointly-applicable subset is now suggested, so `mops check --fix` no longer rewrites the code into an M0098 type error. The check is conservative: a few genuinely-redundant cases may go unreported in exchange for soundness (#6209).
32+
33+
## 1.10.0 (2026-06-19)
34+
35+
* motoko (`moc`)
36+
37+
* feat: M0218 ("redundant `stable` keyword") now ships a machine-applicable edit, so `mops check --fix` removes the explicit `stable` keyword on fields of a `persistent actor` (#6175).
38+
39+
* feat: Permitting destructuring patterns against actor types: `let { foo } = a`, `func g({foo} : actor T) {}`, etc. (#6149).
40+
41+
* feat: `/// @deprecated M0235 <message>`: the caffeine deprecation warning (M0235) can now carry a free-text message, rendered as a `note:` sub-diagnostic at every use site. M0154 free-text deprecation messages now render the same way (#6153).
42+
43+
* perf: Multi-value Wasm codegen is now _on by default_, `--no-experimental-multi-value` flag disables (if not desired) (#6165).
44+
45+
* bugfix: M0237 (implicit argument can be omitted) only fires now when the suggested removal preserves the same type instantiation. Previously the edit could be rejected (M0098) (#6166).
46+
47+
* bugfix: M0236 dot-notation suggestion no longer fires for literal receivers: the `lit.f()` rewrite could misparse (`-1.1.isNaN()``-(1.1.isNaN())`), mis-lex (`0xff.abs` as a hex float), or fail to type-check when it lost a literal coercion (`Blob.isEmpty("\00")``"\00".isEmpty()`) (#6173).
48+
49+
* bugfix: M0236 dot-notation suggestion no longer fires when the receiver cannot be inferred or would infer to a different type causing the call to resolve to a different function (#6177).
50+
51+
* bugfix: Implicit argument derivation now resolves type variables that occur only in a covariant result position (e.g. JSON-style decoders `Text -> ?T`). Previously such a variable was solved to `None` (bottom), so the implicit had to be passed explicitly (#6186).
52+
53+
* bugfix: Diagnostic columns now count Unicode codepoints (matching editor displays and `rustc`), and JSON diagnostics gain `byte_start`/`byte_end` for encoding-independent edit anchors. Previously `mops check --fix` over-deleted on multi-byte lines (e.g. `Char.toNat32('京')` trimmed the trailing `)`) (#6168).
54+
1155
## 1.9.0 (2026-06-02)
1256

1357
* motoko (`moc`)

docs/references/ic-interface-spec/abstract-behavior.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -348,7 +348,8 @@ SignedDelegation = {
348348
delegation : {
349349
pubkey : PublicKey;
350350
targets : [CanisterId] | Unrestricted;
351-
expiration : Timestamp
351+
expiration : Timestamp;
352+
permissions : Queries | All | Unrestricted
352353
};
353354
signature : Signature
354355
}
@@ -692,14 +693,15 @@ that represents Candid encoding; this is implicitly taking the method types, as
692693
693694
#### Envelope Authentication
694695
695-
The following predicate describes when an envelope `E` correctly signs the enclosed request with a key belonging to a user `U`, at time `T`: It returns which canister ids this envelope may be used at (as a set of principals).
696+
The following predicate describes when an envelope `E` correctly signs the enclosed request with a key belonging to a user `U`, at time `T`: It returns which canister ids this envelope may be used at (as a set of principals). The predicate fails for update calls (requests of type `Request`) if any delegation in the chain restricts the sender to query calls and `read_state` requests (`permissions` field set to `Queries`, encoded as the text `"queries"`).
696697
```
697698
verify_envelope({ content = C }, U, T)
698699
= { p : p is CanisterID } if U = anonymous_id
699700
∧ C.sender_info = null
700701
verify_envelope({ content = C, sender_pubkey = PK, sender_sig = Sig, sender_delegation = DS}, U, T)
701702
= TS if U = mk_self_authenticating_id PK
702703
∧ (PK', TS) = verify_delegations(DS, PK, T, { p : p is CanisterId })
704+
∧ (C is Request ⇒ ∀ D ∈ DS. D.delegation.permissions ≠ Queries)
703705
∧ verify_signature PK' Sig ("\x0Aic-request" · hash_of_map(C))
704706
∧ (if PK = canister_signature_pk Signing_canister_id _:
705707
C.sender_info = null

docs/references/ic-interface-spec/changelog.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,18 @@ sidebar:
88

99
## Changelog {#changelog}
1010

11-
### 0.63.0 (2026-06-26) {$0_63_0}
11+
### 0.64.0 (2026-07-06) {$0_64_0}
12+
* New optional `permissions` field in request delegations restricting the kinds of requests
13+
the delegation applies for: the value `"queries"` restricts the delegation to query calls
14+
and `read_state` requests, so update calls carrying such a delegation in their chain of
15+
delegations are not accepted; the value `"all"` permits all kinds of requests, same as
16+
omitting the field. Requests of any kind carrying a delegation with any other value of
17+
the `permissions` field are not accepted.
1218
* `wasm_memory_threshold` in canister settings is now bounded by 2<sup>48</sup>, analogously to `wasm_memory_limit`.
1319

20+
### 0.63.0 (2026-06-29) {$0_63_0}
21+
* Support for the HTTP method `PATCH` in canister `http_request` in non-replicated mode.
22+
1423
### 0.62.0 (2025-05-26) {$0_62_0}
1524
* Inter-canister response callback messages might still be executed after the condition for `canister_on_low_wasm_memory` is triggered
1625
and before the function `canister_on_low_wasm_memory` is executed.

docs/references/ic-interface-spec/https-interface.md

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -545,6 +545,14 @@ Signing transactions can be delegated from one key to another one. If delegation
545545

546546
- `targets` (`array` of `CanisterId`, optional): If this field is set, the delegation only applies for requests sent to the canisters in the list. The list must contain no more than 1000 elements; otherwise, the request will not be accepted by the IC.
547547

548+
- `permissions` (`text`, optional): If this field is set, the delegation only applies for the kinds of requests permitted by its value. The following values are supported:
549+
550+
- `"queries"`: the delegation only applies for query calls and `read_state` requests. Requests to `/call` endpoints (i.e., update calls, including calls to query methods submitted as update calls) are not accepted by the IC if any delegation in the chain carries this value: a subsequent delegation cannot lift the restriction imposed by a previous one.
551+
552+
- `"all"`: the delegation applies for all kinds of requests; this is the same as omitting the field.
553+
554+
If this field is set to any other value, then the delegation is invalid and requests of any kind whose chain of delegations contains the delegation will not be accepted by the IC.
555+
548556
- `signature` (`blob`): Signature on the 32-byte [representation-independent hash](#hash-of-map) of the map contained in the `delegation` field as described in [Signatures](./index.md#signatures), using the 27 bytes `\x1Aic-request-auth-delegation` as the domain separator.
549557

550558
For the first delegation in the array, this signature is created with the key corresponding to the public key from the `sender_pubkey` field, all subsequent delegations are signed with the key corresponding to the public key contained in the preceding delegation.
@@ -571,7 +579,7 @@ Field values are hashed as follows:
571579

572580
- Binary blobs (`canister_id`, `arg`, `nonce`, `module`) are hashed as-is.
573581

574-
- Strings (`request_type`, `method_name`) are hashed by hashing their binary encoding in UTF-8, without a terminal `\x00`.
582+
- Strings (`request_type`, `method_name`, `permissions`) are hashed by hashing their binary encoding in UTF-8, without a terminal `\x00`.
575583

576584
- Natural numbers (`compute_allocation`, `memory_allocation`, `ingress_expiry`) are hashed by hashing their binary encoding using the shortest form [Unsigned LEB128](https://en.wikipedia.org/wiki/LEB128#Unsigned_LEB128) encoding. For example, `0` should be encoded as a single zero byte `[0x00]` and `624485` should be encoded as byte sequence `[0xE5, 0x8E, 0x26]`.
577585

docs/references/ic-interface-spec/management-canister.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -640,7 +640,7 @@ In the replicated mode, the responses for all identical requests must match, too
640640

641641
For this reason, the calling canister can supply a transformation function, which the IC uses to let the canister sanitize the responses from such unique values. The transformation function is executed separately on the corresponding response received for a request (both in replicated and non-replicated modes). Only the transformed response will be available to the calling canister.
642642

643-
Currently, the `GET`, `HEAD`, and `POST` methods are supported for HTTP requests. Additionally, the `PUT` and `DELETE` methods are supported in non-replicated mode only. `PUT` and `DELETE` are restricted to non-replicated mode to avoid confusing race conditions that may occur with replicated execution.
643+
Currently, the `GET`, `HEAD`, and `POST` methods are supported for HTTP requests. Additionally, the `PUT`, `DELETE`, and `PATCH` methods are supported in non-replicated mode only. `PUT`, `DELETE`, and `PATCH` are restricted to non-replicated mode to avoid confusing race conditions that may occur with replicated execution.
644644

645645
It is important to note the following for the usage of the `POST` method:
646646

@@ -664,7 +664,7 @@ The following parameters should be supplied for the call:
664664

665665
- `max_response_bytes` - optional, specifies the maximal size of the response in bytes. If provided, the value must not exceed `2MB` (`2,000,000B`). The call will be charged based on this parameter. If not provided, the maximum of `2MB` will be used.
666666

667-
- `method` - currently, `GET`, `HEAD`, and `POST` are supported. Additionally, `PUT` and `DELETE` are supported in non-replicated mode only.
667+
- `method` - currently, `GET`, `HEAD`, and `POST` are supported. Additionally, `PUT`, `DELETE`, and `PATCH` are supported in non-replicated mode only.
668668

669669
- `headers` - list of HTTP request headers and their corresponding values
670670

docs/references/sns-settings.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ For background, see [SNS framework](../concepts/sns-framework.md).
4343

4444
| Parameter | Type | Description |
4545
|---|---|---|
46-
| `transaction_fee_e8s` | `nat64` | Per-transfer fee on the SNS ledger, in e8s. Does not apply to minting or burning. |
46+
| `transaction_fee_e8s` | `nat64` | Governance's stored copy of the per-transfer ledger fee, in e8s. Does not apply to minting or burning. Do not set this field via `ManageNervousSystemParameters` to change the fee: it updates only Governance's copy, not the ledger. Change the fee with a `ManageLedgerParameters` proposal instead, which updates the ledger and syncs this field automatically (see [Managing an SNS](../guides/governance/managing.md#manageledgerparameters)). |
4747

4848
## Voting reward settings
4949

0 commit comments

Comments
 (0)