Merge remote-tracking branch 'origin/master' into jribbink/height-pins

Author: jribbink

go.mod

@@ -12,20 +12,20 @@ require (
 	github.com/getsentry/sentry-go v0.40.0
 	github.com/gosuri/uilive v0.0.4
 	github.com/logrusorgru/aurora/v4 v4.0.0
-	github.com/onflow/cadence v1.9.2
-	github.com/onflow/cadence-tools/languageserver v1.8.0
-	github.com/onflow/cadence-tools/lint v1.7.0
-	github.com/onflow/cadence-tools/test v1.10.0
+	github.com/onflow/cadence v1.9.4
+	github.com/onflow/cadence-tools/languageserver v1.9.0
+	github.com/onflow/cadence-tools/lint v1.7.1
+	github.com/onflow/cadence-tools/test v1.10.1
 	github.com/onflow/fcl-dev-wallet v0.9.1
-	github.com/onflow/flixkit-go/v2 v2.7.0
+	github.com/onflow/flixkit-go/v2 v2.7.1
 	github.com/onflow/flow-core-contracts/lib/go/contracts v1.9.2
 	github.com/onflow/flow-core-contracts/lib/go/templates v1.9.2
-	github.com/onflow/flow-emulator v1.15.0
-	github.com/onflow/flow-evm-gateway v1.4.4
-	github.com/onflow/flow-go v0.45.0-experimental-cadence-v1.8.7.0.20251219170433-76749cca9738
-	github.com/onflow/flow-go-sdk v1.9.8
-	github.com/onflow/flow/protobuf/go/flow v0.4.18
-	github.com/onflow/flowkit/v2 v2.10.1-0.20260106074841-4cacbcfc75c5
+	github.com/onflow/flow-emulator v1.15.3
+	github.com/onflow/flow-evm-gateway v1.4.5-0.20260109131900-576c361f7c70
+	github.com/onflow/flow-go v0.45.0-experimental-cadence-v1.8.7.0.20260109014156-2abea7b5732a
+	github.com/onflow/flow-go-sdk v1.9.10
+	github.com/onflow/flow/protobuf/go/flow v0.4.19
+	github.com/onflow/flowkit/v2 v2.10.1
 	github.com/onflowser/flowser/v3 v3.2.1-0.20240131200229-7d4d22715f48
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	github.com/pkg/errors v0.9.1
@@ -44,7 +44,7 @@ require (
 
 require (
 	cloud.google.com/go v0.121.6 // indirect
-	cloud.google.com/go/auth v0.17.0 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	cloud.google.com/go/iam v1.5.3 // indirect
@@ -132,7 +132,7 @@ require (
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
-	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 // indirect
@@ -280,27 +280,27 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.33.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.39.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
 	gonum.org/v1/gonum v0.16.0 // indirect
-	google.golang.org/api v0.257.0 // indirect
+	google.golang.org/api v0.259.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20251111163417-95abcf5c77ba // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251103181224-f26f9409b101 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect
-	google.golang.org/protobuf v1.36.10 // indirect
+	google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	lukechampine.com/blake3 v1.4.1 // indirect
 	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.40.1 // indirect
+	modernc.org/sqlite v1.41.0 // indirect
 	nhooyr.io/websocket v1.8.7 // indirect
 )

go.sum

@@ -189,6 +189,33 @@ func Test_Lint(t *testing.T) {
 		)
 	})
 
+	t.Run("generates synthetic replacement for replacement category diagnostics", func(t *testing.T) {
+		t.Parallel()
+
+		state := setupMockState(t)
+
+		results, err := lintFiles(state, "ReplacementHint.cdc")
+		require.NoError(t, err)
+
+		require.Len(t, results.Results, 1)
+		require.Len(t, results.Results[0].Diagnostics, 1)
+
+		diagnostic := results.Results[0].Diagnostics[0]
+
+		// Should have the replacement category
+		require.Equal(t, "replacement-hint", diagnostic.Category)
+
+		// Should have a secondary message with the replacement suggestion
+		require.Equal(t, "consider replacing with:", diagnostic.Message)
+		require.Equal(t, "1.0", diagnostic.SecondaryMessage)
+
+		// Should have synthetic suggested fixes generated from secondary message
+		require.Len(t, diagnostic.SuggestedFixes, 1)
+		require.Equal(t, "consider replacing with: `1.0`", diagnostic.SuggestedFixes[0].Message)
+		require.Len(t, diagnostic.SuggestedFixes[0].TextEdits, 1)
+		require.Equal(t, "1.0", diagnostic.SuggestedFixes[0].TextEdits[0].Replacement)
+	})
+
 	t.Run("linter resolves imports from flowkit state", func(t *testing.T) {
 		t.Parallel()
 
@@ -476,6 +503,12 @@ func setupMockState(t *testing.T) *flowkit.State {
 			qqq
 		}
 	}`), 0644)
+	_ = afero.WriteFile(mockFs, "ReplacementHint.cdc", []byte(`
+	access(all) contract ReplacementHint {
+		access(all) fun test() {
+			let x = UFix64(1)
+		}
+	}`), 0644)
 	_ = afero.WriteFile(mockFs, "CadenceV1Error.cdc", []byte(`
 	access(all) contract CadenceV1Error {
 		init() {

internal/cadence/lint_test.go

@@ -156,6 +156,28 @@ func (l *linter) lintFile(
 	}
 	analysisProgram.Run(analyzers, report)
 
+	// Generate synthetic replacements for replacement category diagnostics
+	// that don't have suggested fixes
+	for i := range diagnostics {
+		diagnostic := &diagnostics[i]
+		if diagnostic.Category == cdclint.ReplacementCategory &&
+			len(diagnostic.SuggestedFixes) == 0 &&
+			diagnostic.SecondaryMessage != "" {
+			// Create a synthetic suggested fix from the secondary message
+			diagnostic.SuggestedFixes = []cdcerrors.SuggestedFix[ast.TextEdit]{
+				{
+					Message: fmt.Sprintf("%s `%s`", diagnostic.Message, diagnostic.SecondaryMessage),
+					TextEdits: []ast.TextEdit{
+						{
+							Range:       diagnostic.Range,
+							Replacement: diagnostic.SecondaryMessage,
+						},
+					},
+				},
+			}
+		}
+	}
+
 	return diagnostics, nil
 }
 

internal/cadence/linter.go

@@ -34,20 +34,21 @@ import (
 	"sync"
 	"time"
 
-	"github.com/onflow/flow-cli/internal/prompt"
-
 	"github.com/coreos/go-semver/semver"
 	"github.com/dukex/mixpanel"
 	"github.com/getsentry/sentry-go"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 
 	"github.com/onflow/flowkit/v2"
+	"github.com/onflow/flowkit/v2/accounts"
 	"github.com/onflow/flowkit/v2/config"
 	"github.com/onflow/flowkit/v2/gateway"
 	"github.com/onflow/flowkit/v2/output"
 
 	"github.com/onflow/flow-cli/build"
+	"github.com/onflow/flow-cli/common/branding"
+	"github.com/onflow/flow-cli/internal/prompt"
 	"github.com/onflow/flow-cli/internal/settings"
 	"github.com/onflow/flow-cli/internal/util"
 )
@@ -131,6 +132,9 @@ func (c Command) AddToParent(parent *cobra.Command) {
 			checkVersion(logger)
 		}
 
+		// warn about inline keys in config
+		checkForInlineKeys(state, logger)
+
 		// record command usage
 		wg := sync.WaitGroup{}
 		go UsageMetrics(c.Cmd, &wg)
@@ -328,6 +332,33 @@ func isDevelopment() bool {
 	return build.Semver() == "undefined"
 }
 
+// checkForInlineKeys warns users if they have accounts with inline private keys in flow.json
+func checkForInlineKeys(state *flowkit.State, logger output.Logger) {
+	if state == nil {
+		return
+	}
+
+	var inlineKeyAccounts []string
+	for _, account := range *state.Accounts() {
+		if _, isHexKey := account.Key.(*accounts.HexKey); isHexKey {
+			inlineKeyAccounts = append(inlineKeyAccounts, account.Name)
+		}
+	}
+
+	if len(inlineKeyAccounts) > 0 {
+		cmd := branding.GreenStyle.Render("flow config extract-key --all")
+		logger.Info(fmt.Sprintf(
+			"\n%s Security warning: %d account(s) have private keys stored directly in flow.json: %s\n"+
+				"   Extract them to separate key files by running: %s\n"+
+				"   Learn more: https://developers.flow.com/build/tools/flow-cli/flow.json/security\n",
+			output.WarningEmoji(),
+			len(inlineKeyAccounts),
+			strings.Join(inlineKeyAccounts, ", "),
+			cmd,
+		))
+	}
+}
+
 // initCrashReporting set-ups sentry as crash reporting tool, it also sets listener for panics
 // and asks before sending the error for a permission to do so from the user.
 func initCrashReporting() {

internal/command/command.go

@@ -31,6 +31,7 @@ var Cmd = &cobra.Command{
 func init() {
 	Cmd.AddCommand(addCmd)
 	Cmd.AddCommand(removeCmd)
+	extractKeyCommand.AddToParent(Cmd)
 }
 
 type result struct {