Bump @openzeppelin/contracts from 2.5.0 to 3.4.0

[dependabot-preview]

Bumps @openzeppelin/contracts from 2.5.0 to 3.4.0.

Release notes

Sourced from @openzeppelin/contracts's releases.

v3.3.0

Read the full announcement in the forum or check out the changelog.

• Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
• TimelockController: added a contract to augment access control schemes with a delay. (#2354)
• Address: added functionStaticCall, similar to the existing functionCall. (#2333)
• EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

v3.2.1 for Solidity 0.7

This is a special release for Solidity 0.7 that gets rid of a warning in ERC777 using one of the new features of the language. (#2327)

Note: The variant for Solidity 0.7 can be installed using npm install @openzeppelin/contracts@solc-0.7.

v3.2.0

Welcome to a new release of OpenZeppelin Contracts! 👯

The big feature in this release is that we’ve migrated our proxy contracts from OpenZeppelin SDK into the Contracts project. We hope this will make more people aware of upgrades in Ethereum, and we also think the contracts will benefit greatly from the continued scrutiny by all of you in the community. This was also a migration of the proxies from Solidity 0.5 to 0.6, which we know some users have been waiting for.

For Solidity 0.7 users, a reminder that we have support for the newer compiler version published on npm under the tag solc-0.7, the latest release being 3.2.0-solc-0.7. We’re considering officially switching to 0.7 for the release after this one.

There is additionally a small breaking change in ERC20Snapshot that may affect some of its users. If you’re one of them please take a look at the changelog.

v3.1.0

This is the first release since v3.0, our last major release. It includes the long-awaited ERC1155 token and helpers for safe calls and downcasts, as well as a number of minor improvements.

To install this release, run:

npm install --save-dev @openzeppelin/contracts

ERC1155

This is a new token standard developed by the gaming industry, focusing on gas efficiency. It's key difference is that it is a multi-token contract: a single ERC1155 can be used to represent an arbitrary number of tokens, which is very useful in applications that require many tokens by removing the high gas costs associated with deploying them. Check out our new documentation page to learn more!.

More Replacements for call

The low-level call primitive can be hard to use correctly and is often considered unsafe. With the addition of sendValue in Contracts and try-catch in Solidity, there's only a few scenarios in which call is still needed, the most troublesome one being forwarding calls.

The new functionCall helpers can forward call data to a recipient contract while imitating Solidity's function call semantics, such as bubbling up revert reasons and rejecting calls to EOAs. We expect the addition of these functions to greatly reduce the need to rely on call.

Using SafeMath on Small Signed Integers

We've expanded the scope of the SafeCast library to also include signed integer downcasting, which allows for users that need small types (such as int8 or int32) to perform checked arithmetic on them by using SafeMath, and then downcast the result to the intended size.

OpenZeppelin Contracts 3.0.1

This is a small bugfix release, addressing an issue that allowed for some internal functions in ERC777 to be called with the zero address as one of their arguments.

This was reported in OpenZeppelin/openzeppelin-contracts#2208, fixed in OpenZeppelin/openzeppelin-contracts#2212 for the v2.5 branch, and ported to the v3.0 branch in OpenZeppelin/openzeppelin-contracts#2213.

... (truncated)

Changelog

Sourced from @openzeppelin/contracts's changelog.

3.4.0 (2021-02-02)

• BeaconProxy: added new kind of proxy that allows simultaneous atomic upgrades. (#2411)
• EIP712: added helpers to verify EIP712 typed data signatures on chain. (#2418)
• ERC20Permit: added an implementation of the ERC20 permit extension for gasless token approvals. (#2237)
• Presets: added token presets with preminted fixed supply ERC20PresetFixedSupply and ERC777PresetFixedSupply. (#2399)
• Address: added functionDelegateCall, similar to the existing functionCall. (#2333)
• Clones: added a library for deploying EIP 1167 minimal proxies. (#2449)
• Context: moved from contracts/GSN to contracts/utils. (#2453)
• PaymentSplitter: replace usage of .transfer() with Address.sendValue for improved compatibility with smart wallets. (#2455)
• UpgradeableProxy: bubble revert reasons from initialization calls. (#2454)
• SafeMath: fix a memory allocation issue by adding new SafeMath.tryOp(uint,uint)→(bool,uint) functions. SafeMath.op(uint,uint,string)→uint are now deprecated. (#2462)
• EnumerableMap: fix a memory allocation issue by adding new EnumerableMap.tryGet(uint)→(bool,address) functions. EnumerableMap.get(uint)→string is now deprecated. (#2462)
• ERC165Checker: added batch getSupportedInterfaces. (#2469)
• RefundEscrow: beneficiaryWithdraw will forward all available gas to the beneficiary. (#2480)
• Many view and pure functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

Security Fixes

• ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

3.3.0 (2020-11-26)

• Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
• Address: added functionStaticCall, similar to the existing functionCall. (#2333)
• TimelockController: added a contract to augment access control schemes with a delay. (#2354)
• EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

3.2.2-solc-0.7 (2020-10-28)

• Resolve warnings introduced by Solidity 0.7.4. (#2396)

3.2.1-solc-0.7 (2020-09-15)

• ERC777: Remove a warning about function state visibility in Solidity 0.7. (#2327)

3.2.0 (2020-09-10)

New features

• Proxies: added the proxy contracts from OpenZeppelin SDK. (#2335)

Proxy changes with respect to OpenZeppelin SDK

Aside from upgrading them from Solidity 0.5 to 0.6, we've changed a few minor things from the proxy contracts as they were found in OpenZeppelin SDK.

• UpgradeabilityProxy was renamed to UpgradeableProxy.
• AdminUpgradeabilityProxy was renamed to TransparentUpgradeableProxy.
• Proxy._willFallback was renamed to Proxy._beforeFallback.
• UpgradeabilityProxy._setImplementation and AdminUpgradeabilityProxy._setAdmin were made private.

... (truncated)

Commits

• fa64a1c 3.4.0
• 0f553e7 Remove SafeMathMock compilation warnings (#2497)
• a0e2bca Add "available since" comments in documentation
• ff300b1 3.4.0-rc.0
• 18c7efe Make view and pure functions virtual (#2473)
• 0931062 Use Address.sendValue instead of address.transfer in RefundEscrow (#2480)
• 3b4c951 Fix ERC777 potential reentrancy issues (#2483)
• c2c08af Add ERC165Checker.getSupportedInterfaces (#2469)
• 9e49be4 Add ERC1167 library (minimal proxy) (#2449)
• dd86c97 Fix scripts/prepare-docs.sh
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #76.