search

BendDAO / bend-lending-protocol

BendDAO Lending Protocol for Web3 Data Liquidity
Other
126 stars 55 forks source link

Bump @openzeppelin/contracts from 4.4.1 to 4.7.1 #53

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps @openzeppelin/contracts from 4.4.1 to 4.7.1.

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.7.1

:warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

  • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
  • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

v4.7.0

  • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
  • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
  • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
  • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
  • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
  • Math: add a mulDiv function that can round the result either up or down. (#3171)
  • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
  • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
  • EnumerableMap: add new UintToUintMap map type. (#3338)
  • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
  • SafeCast: add support for many more types, using procedural code generation. (#3245)
  • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
  • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
  • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
  • ERC721: removed redundant require statement. (#3434)
  • PaymentSplitter: add releasable getters. (#3350)
  • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
  • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

Breaking changes

  • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

v4.7.0-rc.0

This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

See the announcement for more details.

v4.6.0

  • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
  • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
  • EnumerableMap: add new AddressToUintMap map type. (#3150)
  • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
  • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
  • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
  • draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
  • ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
  • ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
  • DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
  • Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
  • Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.7.1

  • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
  • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

4.7.0 (2022-06-29)

  • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
  • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
  • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
  • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
  • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
  • Math: add a mulDiv function that can round the result either up or down. (#3171)
  • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
  • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
  • EnumerableMap: add new UintToUintMap map type. (#3338)
  • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
  • SafeCast: add support for many more types, using procedural code generation. (#3245)
  • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
  • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
  • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
  • ERC721: removed redundant require statement. (#3434)
  • PaymentSplitter: add releasable getters. (#3350)
  • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
  • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

Breaking changes

  • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

4.6.0 (2022-04-26)

  • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
  • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
  • EnumerableMap: add new AddressToUintMap map type. (#3150)
  • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
  • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
  • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
  • draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
  • ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
  • ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
  • DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
  • Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
  • Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)
  • Governor: rewording of revert reason for consistency. (#3275)
  • Governor: fix an inconsistency in data locations that could lead to invalid bytecode being produced. (#3295)
  • Governor: Implement IERC721Receiver and IERC1155Receiver to improve token custody by governors. (#3230)
  • TimelockController: Implement IERC721Receiver and IERC1155Receiver to improve token custody by timelocks. (#3230)
  • TimelockController: Add a separate canceller role for the ability to cancel. (#3165)
  • Initializable: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. (#3232)

... (truncated)

Commits
  • 3b8b4ba 4.7.1
  • 212de08 Fix issues caused by abi.decode reverting (#3552)
  • 8c49ad7 4.7.0
  • 0b238a5 Minor wording fixes ERC4626 contract (#3510)
  • e4748fb Support memory arrays in MerkleTree multiproof (#3493)
  • b971092 Make ERC4626 _deposit and _withdraw internal virtual (#3504)
  • 4307d74 Add a caution note to ERC4626 about EOA access (#3503)
  • 1e7d735 Clarify PaymentSplitter shares are static
  • 029706d Fix check for generated code when last updated is a release candidate
  • 97c46a7 Output diff when test:generation fails
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/BendDAO/bend-lending-protocol/network/alerts).
codecov[bot] commented 2 years ago

Codecov Report

Merging #53 (479da2c) into main (c47ab51) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #53   +/-   ##
=======================================
  Coverage   90.91%   90.91%           
=======================================
  Files          33       33           
  Lines        2356     2356           
  Branches      359      359           
=======================================
  Hits         2142     2142           
  Misses        214      214

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.