Skip to content

Bump @openzeppelin/contracts from 2.5.0 to 3.3.0#57

Closed
dependabot-preview[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/openzeppelin/contracts-3.3.0
Closed

Bump @openzeppelin/contracts from 2.5.0 to 3.3.0#57
dependabot-preview[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/openzeppelin/contracts-3.3.0

Conversation

@dependabot-preview
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Nov 27, 2020

Bumps @openzeppelin/contracts from 2.5.0 to 3.3.0.

Release notes

Sourced from @openzeppelin/contracts's releases.

v3.2.1 for Solidity 0.7

This is a special release for Solidity 0.7 that gets rid of a warning in ERC777 using one of the new features of the language. (#2327)

Note: The variant for Solidity 0.7 can be installed using npm install @openzeppelin/contracts@solc-0.7.

v3.2.0

Welcome to a new release of OpenZeppelin Contracts! 👯

The big feature in this release is that we’ve migrated our proxy contracts from OpenZeppelin SDK into the Contracts project. We hope this will make more people aware of upgrades in Ethereum, and we also think the contracts will benefit greatly from the continued scrutiny by all of you in the community. This was also a migration of the proxies from Solidity 0.5 to 0.6, which we know some users have been waiting for.

For Solidity 0.7 users, a reminder that we have support for the newer compiler version published on npm under the tag solc-0.7, the latest release being 3.2.0-solc-0.7. We’re considering officially switching to 0.7 for the release after this one.

There is additionally a small breaking change in ERC20Snapshot that may affect some of its users. If you’re one of them please take a look at the changelog.

v3.1.0

This is the first release since v3.0, our last major release. It includes the long-awaited ERC1155 token and helpers for safe calls and downcasts, as well as a number of minor improvements.

To install this release, run:

npm install --save-dev @openzeppelin/contracts

ERC1155

This is a new token standard developed by the gaming industry, focusing on gas efficiency. It's key difference is that it is a multi-token contract: a single ERC1155 can be used to represent an arbitrary number of tokens, which is very useful in applications that require many tokens by removing the high gas costs associated with deploying them. Check out our new documentation page to learn more!.

More Replacements for call

The low-level call primitive can be hard to use correctly and is often considered unsafe. With the addition of sendValue in Contracts and try-catch in Solidity, there's only a few scenarios in which call is still needed, the most troublesome one being forwarding calls.

The new functionCall helpers can forward call data to a recipient contract while imitating Solidity's function call semantics, such as bubbling up revert reasons and rejecting calls to EOAs. We expect the addition of these functions to greatly reduce the need to rely on call.

Using SafeMath on Small Signed Integers

We've expanded the scope of the SafeCast library to also include signed integer downcasting, which allows for users that need small types (such as int8 or int32) to perform checked arithmetic on them by using SafeMath, and then downcast the result to the intended size.

OpenZeppelin Contracts 3.0.1

This is a small bugfix release, addressing an issue that allowed for some internal functions in ERC777 to be called with the zero address as one of their arguments.

This was reported in OpenZeppelin/openzeppelin-contracts#2208, fixed in OpenZeppelin/openzeppelin-contracts#2212 for the v2.5 branch, and ported to the v3.0 branch in OpenZeppelin/openzeppelin-contracts#2213.

OpenZeppelin Contracts 3.0

We're thrilled to finally announce the release of OpenZeppelin Contracts v3.0

Among other things, this release features the migration to Solidity v0.6, as well as a revamped access control system, streamlined token contracts, and new libraries for enumerable mappings.

To install this latest release, run:

Changelog

Sourced from @openzeppelin/contracts's changelog.

3.3.0 (2020-11-26)

  • Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
  • Address: added functionStaticCall, similar to the existing functionCall. (#2333)
  • TimelockController: added a contract to augment access control schemes with a delay. (#2354)
  • EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

3.2.0 (2020-09-10)

New features

  • Proxies: added the proxy contracts from OpenZeppelin SDK. (#2335)

Proxy changes with respect to OpenZeppelin SDK

Aside from upgrading them from Solidity 0.5 to 0.6, we've changed a few minor things from the proxy contracts as they were found in OpenZeppelin SDK.

  • UpgradeabilityProxy was renamed to UpgradeableProxy.
  • AdminUpgradeabilityProxy was renamed to TransparentUpgradeableProxy.
  • Proxy._willFallback was renamed to Proxy._beforeFallback.
  • UpgradeabilityProxy._setImplementation and AdminUpgradeabilityProxy._setAdmin were made private.

Improvements

  • Address.isContract: switched from extcodehash to extcodesize for less gas usage. (#2311)

Breaking changes

  • ERC20Snapshot: switched to using _beforeTokenTransfer hook instead of overriding ERC20 operations. (#2312)

This small change in the way we implemented ERC20Snapshot may affect users who are combining this contract with other ERC20 flavors, since it no longer overrides _transfer, _mint, and _burn. This can result in having to remove Solidity override(...) specifiers in derived contracts for these functions, and to instead have to add it for _beforeTokenTransfer. See Using Hooks in the documentation.

3.1.0 (2020-06-23)

New features

  • SafeCast: added functions to downcast signed integers (e.g. toInt32), improving usability of SignedSafeMath. (#2243)
  • functionCall: new helpers that replicate Solidity's function call semantics, reducing the need to rely on call. (#2264)
  • ERC1155: added support for a base implementation, non-standard extensions and a preset contract. (#2014, #2230)

Improvements

  • ReentrancyGuard: reduced overhead of using the nonReentrant modifier. (#2171)
  • AccessControl: added a RoleAdminChanged event to _setAdminRole. (#2214)
  • Made all public functions in the token preset contracts virtual. (#2257)

Deprecations

  • SafeERC20: deprecated safeApprove. (#2268)

3.0.2 (2020-06-08)

Improvements

  • Added SPX license identifier to all contracts. (#2235)
Commits
  • 6be5ffe 3.3.0
  • ba843f0 Fix release script
  • 4297be6 Use custom ids for timelock docs section titles
  • d2003a6 Fix NatSpec comment syntax
  • 1fccf6f 3.3.0-rc.2
  • 7f8fc58 Remove Address.functionDelegateCall
  • 1d1d2ba Add mention of TimelockController in intro to access docs
  • 3881175 Fix TimelockController link in changelog
  • f7bb84c Add changelog entry about support for both 0.6 and 0.7
  • c67d81b 3.3.0-rc.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Nov 27, 2020
@dependabot-preview dependabot-preview bot mentioned this pull request Nov 27, 2020
Closed
@dependabot-preview
Copy link
Contributor Author

dependabot-preview bot commented Feb 3, 2021

Superseded by #69.

@dependabot-preview dependabot-preview bot deleted the dependabot/npm_and_yarn/openzeppelin/contracts-3.3.0 branch February 3, 2021 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants