dharma-smart-wallet
dharma-smart-wallet copied to clipboard
Bump @openzeppelin/contracts from 2.3.0 to 4.4.2
Bumps @openzeppelin/contracts from 2.3.0 to 4.4.2.
Release notes
Sourced from @openzeppelin/contracts
's releases.
v4.4.2
:warning: This is a patch for a medium severity issue. For more information visit the security advisory.
GovernorCompatibilityBravo
: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. (#3100)v4.4.1
:warning: This is a patch for a low severity vulnerability. For more information visit the security advisory.
Initializable
: change the existinginitializer
modifier and add a newonlyInitializing
modifier to prevent reentrancy risk. (#3006)Breaking change
It is no longer possible to call an
initializer
-protected function from within anotherinitializer
function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the newonlyInitializing
modifier in the following way:contract A { - function initialize() public initializer { ... } + function initialize() internal onlyInitializing { ... } } contract B is A { function initialize() public initializer { A.initialize(); } }
v4.4.0
Check out the first OpenZeppelin Community Call where the team discussed everything that is included in this release.
And if you missed it, we recently announced an official bug bounty program for OpenZeppelin Contracts. Check it out!
Ownable
: add an internal_transferOwnership(address)
. (#2568)AccessControl
: add internal_grantRole(bytes32,address)
and_revokeRole(bytes32,address)
. (#2568)AccessControl
: mark_setupRole(bytes32,address)
as deprecated in favor of_grantRole(bytes32,address)
. (#2568)AccessControlEnumerable
: hook into_grantRole(bytes32,address)
and_revokeRole(bytes32,address)
. (#2946)EIP712
: cacheaddress(this)
to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)- Add internal
_setApprovalForAll
toERC721
andERC1155
. (#2834)Governor
: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)GovernorCompatibilityBravo
: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)GovernorSettings
: a new governor module that manages voting settings updatable through governance actions. (#2904)PaymentSplitter
: now supports ERC20 assets in addition to Ether. (#2858)ECDSA
: add a variant oftoEthSignedMessageHash
for arbitrary length message hashing. (#2865)MerkleProof
: add aprocessProof
function that returns the rebuilt root hash given a leaf and a proof. (#2841)VestingWallet
: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)Governor
: enable receiving Ether when a Timelock contract is not used. (#2748)GovernorTimelockCompound
: fix ability to use Ether stored in the Timelock contract. (#2748)v4.3.3
:warning: This is a security patch. For more information visit the security advisory.
... (truncated)
Changelog
Sourced from @openzeppelin/contracts
's changelog.
4.4.2 (2022-01-11)
Bugfixes
GovernorCompatibilityBravo
: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. (#3100)4.4.1 (2021-12-14)
Initializable
: change the existinginitializer
modifier and add a newonlyInitializing
modifier to prevent reentrancy risk. (#3006)Breaking change
It is no longer possible to call an
initializer
-protected function from within anotherinitializer
function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the newonlyInitializing
modifier in the following way:contract A { - function initialize() public initializer { ... } + function initialize() internal onlyInitializing { ... } } contract B is A { function initialize() public initializer { A.initialize(); } }
4.4.0 (2021-11-25)
Ownable
: add an internal_transferOwnership(address)
. (#2568)AccessControl
: add internal_grantRole(bytes32,address)
and_revokeRole(bytes32,address)
. (#2568)AccessControl
: mark_setupRole(bytes32,address)
as deprecated in favor of_grantRole(bytes32,address)
. (#2568)AccessControlEnumerable
: hook into_grantRole(bytes32,address)
and_revokeRole(bytes32,address)
. (#2946)EIP712
: cacheaddress(this)
to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)- Add internal
_setApprovalForAll
toERC721
andERC1155
. (#2834)Governor
: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)GovernorCompatibilityBravo
: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)GovernorSettings
: a new governor module that manages voting settings updatable through governance actions. (#2904)PaymentSplitter
: now supports ERC20 assets in addition to Ether. (#2858)ECDSA
: add a variant oftoEthSignedMessageHash
for arbitrary length message hashing. (#2865)MerkleProof
: add aprocessProof
function that returns the rebuilt root hash given a leaf and a proof. (#2841)VestingWallet
: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)Governor
: enable receiving Ether when a Timelock contract is not used. (#2748)GovernorTimelockCompound
: fix ability to use Ether stored in the Timelock contract. (#2748)4.3.3
ERC1155Supply
: HandletotalSupply
changes by hooking into_beforeTokenTransfer
to ensure consistency of balances and supply duringIERC1155Receiver.onERC1155Received
calls.4.3.2 (2021-09-14)
UUPSUpgradeable
: Add modifiers to preventupgradeTo
andupgradeToAndCall
being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.
... (truncated)
Commits
b53c432
4.4.29cae52c
Use abi.encodePacked instead of bytes.concat93d2d15
Make script executableeff4ad7
Fix encoding of signature+calldata in GovernorCompatibilityBravo (#3100)66436cb
Change release script to only update version comment for changed files (#3033)6bd6b76
4.4.113a6ec7
Remove bad date from changelog553c8fd
Update initializer modifier to prevent reentrancy during initialization (#3006)4961a51
4.4.094a0b8f
Make VestingWallet token event argument indexed (#2988)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.