Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 6 updates #1

Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directory with 6 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 6, 2024

Bumps the npm_and_yarn group with 5 updates in the /assets/erc-7007 directory:

Package From To
@openzeppelin/contracts 4.8.3 4.9.6
flat 4.1.1 5.0.2
eth-gas-reporter 0.2.25 0.2.27
solidity-coverage 0.8.2 0.8.12
undici 5.22.0 5.28.4

Updates @openzeppelin/contracts from 4.8.3 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

  • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

  • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

  • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
  • ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
  • ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
  • ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
  • ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
  • ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
  • SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
  • UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/upgrades-core@1.21.0). (#3971)
  • Initializable: optimize _disableInitializers by using != instead of <. (#3787)
  • Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
  • UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)

... (truncated)

Commits

Updates flat from 4.1.1 to 5.0.2

Commits
  • e5ffd66 Release 5.0.2
  • fdb79d5 Update dependencies, refresh lockfile, format with standard.
  • e52185d Test against node 14 in CI.
  • 0189cb1 Avoid arrow function syntax.
  • f25d3a1 Release 5.0.1
  • 54cc7ad use standard formatting
  • 779816e drop dependencies
  • 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
  • a61a554 Bump acorn from 7.1.0 to 7.4.0
  • 20ef0ef Fix prototype pollution on unflatten
  • Additional commits viewable in compare view

Updates eth-gas-reporter from 0.2.25 to 0.2.27

Release notes

Sourced from eth-gas-reporter's releases.

v0.2.27

What's Changed

Full Changelog: cgewecke/eth-gas-reporter@v0.2.26...v0.2.27

v0.2.26

What's Changed

New Contributors

Full Changelog: cgewecke/eth-gas-reporter@v0.2.2...v0.2.26

Changelog

Sourced from eth-gas-reporter's changelog.

0.2.27 / 2023-09-30

0.2.26 / 2023-09-29

0.2.23 / 2021-11-26

0.2.22 / 2021-03-04

0.2.21 / 2021-02-16

0.2.20 / 2020-12-01

  • Add support for remote contracts data pre-loading (hardhat-gas-reporter feature)

0.2.19 / 2020-10-29

  • Delegate contract loading/parsing to artifactor & make optional (#227)

0.2.18 / 2020-10-13

  • Support multiple codechecks reports per CI run
  • Add CI error threshold options: maxMethodDiff, maxDeploymentDiff
  • Add async collection methods for BuidlerEVM
  • Update solidity-parser/parser to 0.8.0 (contribution: @​vicnaum)
  • Update dev deps / use Node 12 in CI

0.2.17 / 2020-04-13

  • Use @​solidity-parser/parser for better solc 0.6.x parsing
  • Upgrade Mocha to ^7.1.1 (to remove minimist vuln warning)
  • Stop crashing when parser or ABI Encoder fails
  • Update @​ethersproject/abi to ^5.0.0-beta.146 (and unpin)

... (truncated)

Commits

Updates solidity-coverage from 0.8.2 to 0.8.12

Release notes

Sourced from solidity-coverage's releases.

v0.8.12

What's Changed

  • Adds "work-around" support for the hardhat-viem plugin. If you're using viem, run the coverage task with: 
    SOLIDITY_COVERAGE=true npx hardhat coverage
  • Adds support for solc v0.4.x
  • Fixes a bug where plugin crashed if the contract sources directory name contained a period.
  • Fixes a bug where instrumentation failed if there was whitespace between require statement and the terminating semi-colon

PRs

Full Changelog: sc-forks/solidity-coverage@v0.8.11...v0.8.12

v0.8.11

Summary

0.8.11 fixes a(nother) bug that resulted in some line hits remaining undetected when compiling with viaIR=true

What's Changed

Full Changelog: sc-forks/solidity-coverage@v0.8.10...v0.8.11

0.8.10

Summary

0.8.10 fixes a bug that resulted in some line hits remaining undetected when compiling with viaIR=true

What's Changed

Full Changelog: sc-forks/solidity-coverage@v0.8.9...v0.8.10

0.8.9

What's Changed

Full Changelog: sc-forks/solidity-coverage@v0.8.8...v0.8.9

0.8.8

What's Changed

... (truncated)

Changelog

Sourced from solidity-coverage's changelog.

Changelog

0.8.11 / 2024-03-07

0.8.10 / 2024-02-29

0.8.9 / 2024-02-27

0.8.8 / 2024-02-21

0.8.7 / 2024-02-09

0.8.6 / 2024-01-28

... (truncated)

Commits

Updates follow-redirects from 1.15.2 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view

Updates undici from 5.22.0 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

New Contributors

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 6 updates
e2e96b3 
Bumps the npm_and_yarn group with 5 updates in the /assets/erc-7007 directory:

| Package | From | To |
| --- | --- | --- |
| [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `4.8.3` | `4.9.6` |
| [flat](https://github.com/hughsk/flat) | `4.1.1` | `5.0.2` |
| [eth-gas-reporter](https://github.com/cgewecke/eth-gas-reporter) | `0.2.25` | `0.2.27` |
| [solidity-coverage](https://github.com/sc-forks/solidity-coverage) | `0.8.2` | `0.8.12` |
| [undici](https://github.com/nodejs/undici) | `5.22.0` | `5.28.4` |



Updates `@openzeppelin/contracts` from 4.8.3 to 4.9.6
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.8.3...v4.9.6)

Updates `flat` from 4.1.1 to 5.0.2
- [Release notes](https://github.com/hughsk/flat/releases)
- [Commits](hughsk/flat@4.1.1...5.0.2)

Updates `eth-gas-reporter` from 0.2.25 to 0.2.27
- [Release notes](https://github.com/cgewecke/eth-gas-reporter/releases)
- [Changelog](https://github.com/cgewecke/eth-gas-reporter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cgewecke/eth-gas-reporter/commits/v0.2.27)

Updates `solidity-coverage` from 0.8.2 to 0.8.12
- [Release notes](https://github.com/sc-forks/solidity-coverage/releases)
- [Changelog](https://github.com/sc-forks/solidity-coverage/blob/master/CHANGELOG.md)
- [Commits](sc-forks/solidity-coverage@v0.8.2...v0.8.12)

Updates `follow-redirects` from 1.15.2 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6)

Updates `undici` from 5.22.0 to 5.28.4
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.22.0...v5.28.4)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: flat
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eth-gas-reporter
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: solidity-coverage
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 6, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Jun 18, 2024

Superseded by #4.

@dependabot dependabot bot closed this Jun 18, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/assets/erc-7007/npm_and_yarn-c4f896aa15 branch June 18, 2024 04:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants