8000 chore(deps-dev): bump openzeppelin-solidity from 1.12.0 to 3.4.2 by dependabot[bot] · Pull Request #239 · kleros/kleros · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore(deps-dev): bump openzeppelin-solidity from 1.12.0 to 3.4.2 #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps-dev): bump openzeppelin-solidity from 1.12.0 to 3.4.2 #239

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor
@dependabot dependabot bot commented on behalf of github Jan 13, 2023

Bumps openzeppelin-solidity from 1.12.0 to 3.4.2.

Release notes

Sourced from openzeppelin-solidity's releases.

v3.4.2

  • TimelockController: Add additional isOperationReady check.

v3.4.2-solc-0.7

  • TimelockController: Add additional isOperationReady check.

v3.4.0

Read the full announcement in the blog or check out the changelog.

Security Fixes

  • ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

v3.3.0

Read the full announcement in the forum or check out the changelog.

  • Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
  • TimelockController: added a contract to augment access control schemes with a delay. (#2354)
  • Address: added functionStaticCall, similar to the existing functionCall. (#2333)
  • EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

v3.2.1 for Solidity 0.7

This is a special release for Solidity 0.7 that gets rid of a warning in ERC777 using one of the new features of the language. (#2327)

Note: The variant for Solidity 0.7 can be installed using npm install @openzeppelin/contracts@solc-0.7.

v3.2.0

Welcome to a new release of OpenZeppelin Contracts! 👯

The big feature in this release is that we’ve migrated our proxy contracts from OpenZeppelin SDK into the Contracts project. We hope this will make more people aware of upgrades in Ethereum, and we also think the contracts will benefit greatly from the continued scrutiny by all of you in the community. This was also a migration of the proxies from Solidity 0.5 to 0.6, which we know some users have been waiting for.

For Solidity 0.7 users, a reminder that we have support for the newer compiler version published on npm under the tag solc-0.7, the latest release being 3.2.0-solc-0.7. We’re considering officially switching to 0.7 for the release after this one.

There is additionally a small breaking change in ERC20Snapshot that may affect some of its users. If you’re one of them please take a look at the changelog.

v3.1.0

This is the first release since v3.0, our last major release. It includes the long-awaited ERC1155 token and helpers for safe calls and downcasts, as well as a number of minor improvements.

To install this release, run:

npm install --save-dev @openzeppelin/contracts

ERC1155

This is a new token standard developed by the gaming industry, focusing on gas efficiency. It's key difference is that it is a multi-token contract: a single ERC1155 can be used to represent an arbitrary number of tokens, which is very useful in applications that require many tokens by removing the high gas costs associated with deploying them. Check out our new documentation page to learn more!.

... (truncated)

Changelog

Sourced from openzeppelin-solidity's changelog.

3.4.2

  • TimelockController: Add additional isOperationReady check.

3.4.1 (2021-03-03)

  • ERC721: made _approve an internal function (was private).

3.4.0 (2021-02-02)

  • BeaconProxy: added new kind of proxy that allows simultaneous atomic upgrades. (#2411)
  • EIP712: added helpers to verify EIP712 typed data signatures on chain. (#2418)
  • ERC20Permit: added an implementation of the ERC20 permit extension for gasless token approvals. (#2237)
  • Presets: added token presets with preminted fixed supply ERC20PresetFixedSupply and ERC777PresetFixedSupply. (#2399)
  • Address: added functionDelegateCall, similar to the existing functionCall. (#2333)
  • Clones: added a library for deploying EIP 1167 minimal proxies. (#2449)
  • Context: moved from contracts/GSN to contracts/utils. (#2453)
  • PaymentSplitter: replace usage of .transfer() with Address.sendValue for improved compatibility with smart wallets. (#2455)
  • UpgradeableProxy: bubble revert reasons from initialization calls. (#2454)
  • SafeMath: fix a memory allocation issue by adding new SafeMath.tryOp(uint,uint)→(bool,uint) functions. SafeMath.op(uint,uint,string)→uint are now deprecated. (#2462)
  • EnumerableMap: fix a memory allocation issue by adding new EnumerableMap.tryGet(uint)→(bool,address) functions. EnumerableMap.get(uint)→string is now deprecated. (#2462)
  • ERC165Checker: added batch getSupportedInterfaces. (#2469)
  • RefundEscrow: beneficiaryWithdraw will forward all available gas to the beneficiary. (#2480)
  • Many view and pure functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

Security Fixes

  • ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

3.3.0 (2020-11-26)

  • Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
  • Address: added functionStaticCall, similar to the existing functionCall. (#2333)
  • TimelockController: added a contract to augment access control schemes with a delay. (#2354)
  • EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

3.2.2-solc-0.7 (2020-10-28)

  • Resolve warnings introduced by Solidity 0.7.4. (#2396)

3.2.1-solc-0.7 (2020-09-15)

  • ERC777: Remove a warning about function state visibility in Solidity 0.7. (#2327)

3.2.0 (2020-09-10)

New features

  • Proxies: added the proxy contracts from OpenZeppelin SDK. (#2335)

Proxy changes with respect to OpenZeppelin SDK

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump openzeppelin-solidity from 1.12.0 to 3.4.2
ea01239 
Bumps [openzeppelin-solidity](https://github.com/OpenZeppelin/openzeppelin-contracts) from 1.12.0 to 3.4.2.
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v1.12.0...v3.4.2)

---
updated-dependencies:
- dependency-name: openzeppelin-solidity
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 13, 2023
@dependabot dependabot bot mentioned this pull request Jan 13, 2023
Closed
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants
0