Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 10 updates #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the npm_and_yarn group across 1 directory with 10 updates #5

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 21, 2025

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package From To
@openzeppelin/contracts 4.8.3 4.9.6
ws 7.5.9 7.5.10
@nomicfoundation/hardhat-toolbox 2.0.1 5.0.0
braces 3.0.2 3.0.3
flat 4.1.1 5.0.2
eth-gas-reporter 0.2.25 0.2.27
solidity-coverage 0.8.2 0.8.14
secp256k1 4.0.3 4.0.4
undici 5.16.0 5.28.5

Updates @openzeppelin/contracts from 4.8.3 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

  • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

  • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

  • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
  • ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
  • ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
  • ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
  • ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
  • ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
  • SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
  • UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/upgrades-core@1.21.0). (#3971)
  • Initializable: optimize _disableInitializers by using != instead of <. (#3787)
  • Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
  • UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)

... (truncated)

Commits

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).
Commits

Updates @nomicfoundation/hardhat-toolbox from 2.0.1 to 5.0.0

Release notes

Sourced from @​nomicfoundation/hardhat-toolbox's releases.

@​nomicfoundation/hardhat-toolbox@​5.0.0

This version of Hardhat Toolbox adds Hardhat Ignition as the default deployment system. See the Hardhat Ignition docs for more information.

@​nomicfoundation/hardhat-toolbox-viem@​3.0.0

This version of Hardhat Toolbox adds Hardhat Ignition as the default deployment system. See the Hardhat Ignition docs for more information.

The version of hardhat-viem has been bumped to include viem@2 support, see the Viem@2 migration guide for more details.

@​nomicfoundation/hardhat-toolbox@​4.0.0

This version of Hardhat Toolbox bumps the versions of hardhat-verify and typechain. This is a new major because the new versions of those peer dependencies are not compatible with the previous ones, but you can consider this a low-risk upgrade.

Commits
  • a3ada90 Version Packages
  • 3ee20fc chore: bump edr version to 0.3.1
  • 0f0f470 test: fix assert.isDefined issue
  • 6694140 chore: loosen typescript peer dep for viem toolbox
  • 49f4ffe chore: bump the version of Ignition in toolboxes
  • 90c3f41 Add default tab for new combination
  • ac43eec remove ignition-core as peer dep
  • 4da8ba6 update boilerplate docs
  • 137ee9a docs: revert the change to project setup
  • 779c167 docs: clarify module file in deploying guide
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by kanej, a new releaser for @​nomicfoundation/hardhat-toolbox since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates flat from 4.1.1 to 5.0.2

Commits
  • e5ffd66 Release 5.0.2
  • fdb79d5 Update dependencies, refresh lockfile, format with standard.
  • e52185d Test against node 14 in CI.
  • 0189cb1 Avoid arrow function syntax.
  • f25d3a1 Release 5.0.1
  • 54cc7ad use standard formatting
  • 779816e drop dependencies
  • 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
  • a61a554 Bump acorn from 7.1.0 to 7.4.0
  • 20ef0ef Fix prototype pollution on unflatten
  • Additional commits viewable in compare view

Updates eth-gas-reporter from 0.2.25 to 0.2.27

Release notes

Sourced from eth-gas-reporter's releases.

v0.2.27

What's Changed

Full Changelog: cgewecke/eth-gas-reporter@v0.2.26...v0.2.27

v0.2.26

What's Changed

New Contributors

Full Changelog: cgewecke/eth-gas-reporter@v0.2.2...v0.2.26

Changelog

Sourced from eth-gas-reporter's changelog.

0.2.27 / 2023-09-30

0.2.26 / 2023-09-29

0.2.23 / 2021-11-26

0.2.22 / 2021-03-04

0.2.21 / 2021-02-16

0.2.20 / 2020-12-01

  • Add support for remote contracts data pre-loading (hardhat-gas-reporter feature)

0.2.19 / 2020-10-29

  • Delegate contract loading/parsing to artifactor & make optional (#227)

0.2.18 / 2020-10-13

  • Support multiple codechecks reports per CI run
  • Add CI error threshold options: maxMethodDiff, maxDeploymentDiff
  • Add async collection methods for BuidlerEVM
  • Update solidity-parser/parser to 0.8.0 (contribution: @​vicnaum)
  • Update dev deps / use Node 12 in CI

0.2.17 / 2020-04-13

  • Use @​solidity-parser/parser for better solc 0.6.x parsing
  • Upgrade Mocha to ^7.1.1 (to remove minimist vuln warning)
  • Stop crashing when parser or ABI Encoder fails
  • Update @​ethersproject/abi to ^5.0.0-beta.146 (and unpin)

... (truncated)

Commits

Updates solidity-coverage from 0.8.2 to 0.8.14

Release notes

Sourced from solidity-coverage's releases.

0.8.14

What's Changed

New Contributors

Full Changelog: sc-forks/solidity-coverage@v0.8.13...v0.8.14

v0.8.13

🐛 Bug Fixes

This release fixes a bug that caused the plugin to error when used with hardhat-viem in combination with a forked network.

What's Changed

New Contributors

Full Changelog: sc-forks/solidity-coverage@v0.8.12...v0.8.13

v0.8.12

What's Changed

  • Adds "work-around" support for the hardhat-viem plugin. If you're using viem, run the coverage task with: 
    SOLIDITY_COVERAGE=true npx hardhat coverage
  • Adds support for solc v0.4.x
  • Fixes a bug where plugin crashed if the contract sources directory name contained a period.
  • Fixes a bug where instrumentation failed if there was whitespace between require statement and the terminating semi-colon

PRs

Full Changelog: sc-forks/solidity-coverage@v0.8.11...v0.8.12

v0.8.11

Summary

0.8.11 fixes a(nother) bug that resulted in some line hits remaining undetected when compiling with viaIR=true

... (truncated)

Changelog

Sourced from solidity-coverage's changelog.

Changelog

0.8.11 / 2024-03-07

0.8.10 / 2024-02-29

0.8.9 / 2024-02-27

0.8.8 / 2024-02-21

0.8.7 / 2024-02-09

0.8.6 / 2024-01-28

... (truncated)

Commits

Updates follow-redirects from 1.15.2 to 1.15.9

Commits
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • 458ca8e Fix native URL test for Node 20.
  • ca49e44 Handle KeepAlive connections in tests.
  • f3711d7 Test on Node 20 and 22.
  • fda0faf Fix typo.
  • 760757f Release version 1.15.7 of the npm package.
  • Additional commits viewable in compare view

Updates secp256k1 from 4.0.3 to 4.0.4

Commits

Updates undici from 5.16.0 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

New Contributors

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 10 u…
b73e9d8 
…pdates

Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `4.8.3` | `4.9.6` |
| [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` |
| [@nomicfoundation/hardhat-toolbox](https://github.com/nomicfoundation/hardhat) | `2.0.1` | `5.0.0` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [flat](https://github.com/hughsk/flat) | `4.1.1` | `5.0.2` |
| [eth-gas-reporter](https://github.com/cgewecke/eth-gas-reporter) | `0.2.25` | `0.2.27` |
| [solidity-coverage](https://github.com/sc-forks/solidity-coverage) | `0.8.2` | `0.8.14` |
| [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.3` | `4.0.4` |
| [undici](https://github.com/nodejs/undici) | `5.16.0` | `5.28.5` |



Updates `@openzeppelin/contracts` from 4.8.3 to 4.9.6
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.8.3...v4.9.6)

Updates `ws` from 7.5.9 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.9...7.5.10)

Updates `@nomicfoundation/hardhat-toolbox` from 2.0.1 to 5.0.0
- [Release notes](https://github.com/nomicfoundation/hardhat/releases)
- [Commits](https://github.com/nomicfoundation/hardhat/compare/@nomicfoundation/hardhat-toolbox@2.0.1...@nomicfoundation/hardhat-toolbox@5.0.0)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `flat` from 4.1.1 to 5.0.2
- [Release notes](https://github.com/hughsk/flat/releases)
- [Commits](hughsk/flat@4.1.1...5.0.2)

Updates `eth-gas-reporter` from 0.2.25 to 0.2.27
- [Release notes](https://github.com/cgewecke/eth-gas-reporter/releases)
- [Changelog](https://github.com/cgewecke/eth-gas-reporter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cgewecke/eth-gas-reporter/commits/v0.2.27)

Updates `solidity-coverage` from 0.8.2 to 0.8.14
- [Release notes](https://github.com/sc-forks/solidity-coverage/releases)
- [Changelog](https://github.com/sc-forks/solidity-coverage/blob/master/CHANGELOG.md)
- [Commits](sc-forks/solidity-coverage@v0.8.2...v0.8.14)

Updates `follow-redirects` from 1.15.2 to 1.15.9
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9)

Updates `secp256k1` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases)
- [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4)

Updates `undici` from 5.16.0 to 5.28.5
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.16.0...v5.28.5)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@nomicfoundation/hardhat-toolbox"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flat
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eth-gas-reporter
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: solidity-coverage
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: secp256k1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 21, 2025
This was referenced Jan 21, 2025
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant