Skip to content

Commit

Permalink
[Snyk] Upgrade @openzeppelin/contracts from 4.9.3 to 5.0.0 (#161)
Browse files Browse the repository at this point in the history
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to upgrade
@openzeppelin/contracts from 4.9.3 to 5.0.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

*Warning:* This is a major version upgrade, and may be a breaking
change.
- The recommended version is **4 versions** ahead of your current
version.
- The recommended version was released **24 days ago**, on 2023-10-05.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>@openzeppelin/contracts</b></summary>
    <ul>
      <li>
<b>5.0.0</b> - <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0">2023-10-05</a></br><a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0">
Read more </a>
      </li>
      <li>
<b>5.0.0-rc.2</b> - <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0-rc.2">2023-10-02</a></br><ul>
<li><code>AccessManager</code>: Make <code>schedule</code> and
<code>execute</code> more conservative when delay is 0.</li>
</ul>
      </li>
      <li>
<b>5.0.0-rc.1</b> - <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0-rc.1">2023-09-28</a></br><ul>
<li>Upgradeable Contracts: No longer transpile interfaces, libraries,
and stateless contracts. (<a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/pull/4636"
data-hovercard-type="pull_request"
data-hovercard-url="/OpenZeppelin/openzeppelin-contracts/pull/4636/hovercard">ethereum#4636</a>)</li>
<li><code>AccessManager</code>, <code>AccessManaged</code>,
<code>GovernorTimelockAccess</code>: Ensure that calldata shorter than 4
bytes is not padded to 4 bytes. (<a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/pull/4624"
data-hovercard-type="pull_request"
data-hovercard-url="/OpenZeppelin/openzeppelin-contracts/pull/4624/hovercard">ethereum#4624</a>)</li>
<li><code>AccessManager</code>: Use named return parameters in functions
that return multiple values. (<a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/pull/4624"
data-hovercard-type="pull_request"
data-hovercard-url="/OpenZeppelin/openzeppelin-contracts/pull/4624/hovercard">ethereum#4624</a>)</li>
</ul>
      </li>
      <li>
<b>5.0.0-rc.0</b> - <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0-rc.0">2023-09-19</a></br><a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v5.0.0-rc.0">
Read more </a>
      </li>
      <li>
<b>4.9.3</b> - <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3">2023-07-28</a></br><div
class="markdown-alert markdown-alert-note"><p><span
class="color-fg-accent text-semibold d-inline-flex flex-items-center
mb-1"><svg class="octicon octicon-info mr-2" viewBox="0 0 16 16"
version="1.1" width="16" height="16" aria-hidden="true"><path d="M0 8a8
8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0
0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75
0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8
6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"></path></svg>Note</span><br>
This release contains a fix for <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp">GHSA-g4vp-m682-qqmp</a>.</p></div>
<ul>
<li><code>ERC2771Context</code>: Return the forwarder address whenever
the <code>msg.data</code> of a call originating from a trusted forwarder
is not long enough to contain the request signer address (i.e.
<code>msg.data.length</code> is less than 20 bytes), as specified by
ERC-2771. (<a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/pull/4481"
data-hovercard-type="pull_request"
data-hovercard-url="/OpenZeppelin/openzeppelin-contracts/pull/4481/hovercard">ethereum#4481</a>)</li>
<li><code>ERC2771Context</code>: Prevent revert in
<code>_msgData()</code> when a call originating from a trusted forwarder
is not long enough to contain the request signer address (i.e.
<code>msg.data.length</code> is less than 20 bytes). Return the full
calldata in that case. (<a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/pull/4484"
data-hovercard-type="pull_request"
data-hovercard-url="/OpenZeppelin/openzeppelin-contracts/pull/4484/hovercard">ethereum#4484</a>)</li>
</ul>
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/OpenZeppelin/openzeppelin-contracts/releases">@openzeppelin/contracts
GitHub release notes</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NGQ0NjcxOS01ZDIzLTQ1MjYtYWJiOC00OGEwZmQ1N2QxZjgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY0ZDQ2NzE5LTVkMjMtNDUyNi1hYmI4LTQ4YTBmZDU3ZDFmOCJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/woodpile37/project/f0dcf1c9-ecf1-445b-bc07-e8f73c595f54?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/woodpile37/project/f0dcf1c9-ecf1-445b-bc07-e8f73c595f54/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/woodpile37/project/f0dcf1c9-ecf1-445b-bc07-e8f73c595f54/settings/integration?pkg&#x3D;@openzeppelin/contracts&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"64d46719-5d23-4526-abb8-48a0fd57d1f8","prPublicId":"64d46719-5d23-4526-abb8-48a0fd57d1f8","dependencies":[{"name":"@openzeppelin/contracts","from":"4.9.3","to":"5.0.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/woodpile37/project/f0dcf1c9-ecf1-445b-bc07-e8f73c595f54?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"f0dcf1c9-ecf1-445b-bc07-e8f73c595f54","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2023-10-05T18:00:56.344Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":true,"isBreakingChange":true,"priorityScoreList":[]})
--->
  • Loading branch information
Woodpile37 authored Oct 30, 2023
2 parents 17cdc48 + f0fbb22 commit 21cabd5
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions .changeset/brave-swans-try.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"@fake-scope/fake-pkg": patch
---

[Snyk] Upgrade @openzeppelin/contracts from 4.9.3 to 5.0.0
2 changes: 1 addition & 1 deletion assets/eip-4675/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"devDependencies": {
"@nomiclabs/hardhat-ethers": "^2.0.4",
"@nomiclabs/hardhat-waffle": "^2.0.1",
"@openzeppelin/contracts": "^4.4.1",
"@openzeppelin/contracts": "^5.0.0",
"@types/chai": "^4.3.0",
"@types/mocha": "^10.0.1",
"@types/node": "^20.6.0",
Expand Down

0 comments on commit 21cabd5

Please sign in to comment.