Skip to content

Bump @openzeppelin/contracts from 4.4.2 to 4.5.0#57

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/openzeppelin/contracts-4.5.0
Closed

Bump @openzeppelin/contracts from 4.4.2 to 4.5.0#57
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/openzeppelin/contracts-4.5.0

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 21, 2022
edited
Loading

Bumps @openzeppelin/contracts from 4.4.2 to 4.5.0.

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.5.0

  • ERC2981: add implementation of the royalty standard, and the respective extensions for ERC721 and ERC1155. (#3012)
  • GovernorTimelockControl: improve the state() function to have it reflect cases where a proposal has been canceled directly on the timelock. (#2977)
  • Preset contracts are now deprecated in favor of Contracts Wizard. (#2986)
  • Governor: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). (#2926)
  • GovernorPreventLateQuorum: add new module to ensure a minimum voting duration is available after the quorum is reached. (#2973)
  • ERC721: improved revert reason when transferring from wrong owner. (#2975)
  • Votes: Added a base contract for vote tracking with delegation. (#2944)
  • ERC721Votes: Added an extension of ERC721 enabled with vote tracking and delegation. (#2944)
  • ERC2771Context: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. (#2917)
  • Base64: add a library to parse bytes into base64 strings using encode(bytes memory) function, and provide examples to show how to use to build URL-safe tokenURIs. (#2884)
  • ERC20: reduce allowance before triggering transfer. (#3056)
  • ERC20: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
  • ERC20: add a _spendAllowance internal function. (#3170)
  • ERC20Burnable: do not update allowance on burnFrom when allowance is type(uint256).max. (#3170)
  • ERC777: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
  • ERC777: add a _spendAllowance internal function. (#3170)
  • SignedMath: a new signed version of the Math library with max, min, and average. (#2686)
  • SignedMath: add a abs(int256) method that returns the unsigned absolute value of a signed value. (#2984)
  • ERC1967Upgrade: Refactor the secure upgrade to use ERC1822 instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. (#3021)
  • UUPSUpgradeable: Add ERC1822 compliance to support the updated secure upgrade mechanism. (#3021)
  • Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

Breaking changes

  • ERC1967Upgrade: The function _upgradeToAndCallSecure was renamed to _upgradeToAndCallUUPS, along with the change in security mechanism described above.
  • Address: The Solidity pragma is increased from ^0.8.0 to ^0.8.1. This is required by the account.code.length syntax that replaces inline assembly. This may require users to bump their compiler version from 0.8.0 to 0.8.1 or later. Note that other parts of the code already include stricter requirements.

v4.5.0-rc.0

This prerelease is now available for review! Let us know your feedback and if you find any security issues.

We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

See the announcement for some more details.

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.5.0 (2022-02-09)

  • ERC2981: add implementation of the royalty standard, and the respective extensions for ERC721 and ERC1155. (#3012)
  • GovernorTimelockControl: improve the state() function to have it reflect cases where a proposal has been canceled directly on the timelock. (#2977)
  • Preset contracts are now deprecated in favor of Contracts Wizard. (#2986)
  • Governor: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). (#2926)
  • GovernorPreventLateQuorum: add new module to ensure a minimum voting duration is available after the quorum is reached. (#2973)
  • ERC721: improved revert reason when transferring from wrong owner. (#2975)
  • Votes: Added a base contract for vote tracking with delegation. (#2944)
  • ERC721Votes: Added an extension of ERC721 enabled with vote tracking and delegation. (#2944)
  • ERC2771Context: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. (#2917)
  • Base64: add a library to parse bytes into base64 strings using encode(bytes memory) function, and provide examples to show how to use to build URL-safe tokenURIs. (#2884)
  • ERC20: reduce allowance before triggering transfer. (#3056)
  • ERC20: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
  • ERC20: add a _spendAllowance internal function. (#3170)
  • ERC20Burnable: do not update allowance on burnFrom when allowance is type(uint256).max. (#3170)
  • ERC777: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
  • ERC777: add a _spendAllowance internal function. (#3170)
  • SignedMath: a new signed version of the Math library with max, min, and average. (#2686)
  • SignedMath: add a abs(int256) method that returns the unsigned absolute value of a signed value. (#2984)
  • ERC1967Upgrade: Refactor the secure upgrade to use ERC1822 instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. (#3021)
  • UUPSUpgradeable: Add ERC1822 compliance to support the updated secure upgrade mechanism. (#3021)
  • Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

Breaking changes

  • ERC1967Upgrade: The function _upgradeToAndCallSecure was renamed to _upgradeToAndCallUUPS, along with the change in security mechanism described above.
  • Address: The Solidity pragma is increased from ^0.8.0 to ^0.8.1. This is required by the account.code.length syntax that replaces inline assembly. This may require users to bump their compiler version from 0.8.0 to 0.8.1 or later. Note that other parts of the code already include stricter requirements.
Commits
  • a5445b0 4.5.0
  • 494b1b9 Add a _spendAllowance function to ERC20 & ERC777 (#3170)
  • 234a971 Rename some ERC20 parameters to match the standard document. (#3167)
  • 2248e37 Fix typo in CHANGELOG (#3138)
  • c1a5c27 Make royaltyInfo(uint256 _tokenId, uint256 _salePrice) virtual (#3133)
  • a976023 Fix broken pull request links in change log (#3114)
  • fdfd972 Move abs(int256) from Math to SafeMath (#3110)
  • a8a08be Improve documentation of various governance aspects (#3161)
  • ac8c536 Add "available since" on Base64.sol
  • a9e5759 Simplify inheritance to avoid overrides
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 21, 2022
@dependabot
Bump @openzeppelin/contracts from 4.4.2 to 4.5.0
9783a6e 
Bumps [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) from 4.4.2 to 4.5.0.
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.4.2...v4.5.0)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/openzeppelin/contracts-4.5.0 branch from 89b5d8e to 9783a6e Compare April 11, 2022 21:59
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jul 1, 2022

Superseded by #78.

@dependabot dependabot bot closed this Jul 1, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/openzeppelin/contracts-4.5.0 branch July 1, 2022 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nullbitx8 nullbitx8 Awaiting requested review from nullbitx8 nullbitx8 is a code owner

@dallonasnes dallonasnes Awaiting requested review from dallonasnes dallonasnes is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments