Kava-Labs / kava

DeFi for Crypto.
Apache License 2.0

chore(deps): bump ws, @nomicfoundation/hardhat-toolbox and hardhat in /contracts #1946

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 2 months ago

Bumps ws to 7.5.10 and updates ancestor dependencies ws, @nomicfoundation/hardhat-toolbox and hardhat. These dependencies need to be updated together.

Updates ws from 7.4.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

  • The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specified (66e58d27).
  • Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
  • Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits
  • d962d70 [dist] 7.5.10
  • 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
  • 8ecd890 [dist] 7.5.6
  • Additional commits viewable in compare view


Updates @nomicfoundation/hardhat-toolbox from 2.0.2 to 5.0.0

Release notes

Sourced from @nomicfoundation/hardhat-toolbox's releases.

@nomicfoundation/hardhat-toolbox@5.0.0

This version of Hardhat Toolbox adds Hardhat Ignition as the default deployment system. See the Hardhat Ignition docs for more information.

@nomicfoundation/hardhat-toolbox-viem@3.0.0

This version of Hardhat Toolbox adds Hardhat Ignition as the default deployment system. See the Hardhat Ignition docs for more information.

The version of hardhat-viem has been bumped to include viem@2 support, see the Viem@2 migration guide for more details.

@nomicfoundation/hardhat-toolbox@4.0.0

This version of Hardhat Toolbox bumps the versions of hardhat-verify and typechain. This is a new major because the new versions of those peer dependencies are not compatible with the previous ones, but you can consider this a low-risk upgrade.

Hardhat Toolbox v3.0.0: ethers v6, bigints and more!

This new major version of Hardhat Toolbox is based on ethers v6 and uses new versions of the hardhat-ethers, hardhat-chai-matchers and typechain plugins.

Using in a new project

Nothing has changed in how you use the Toolbox for a new project: if you initialize one with the latest version of Hardhat, then this version of the Toolbox will be used. Check our Setting up a project guide for the complete instructions.

Upgrading an existing project

To use this new version of the Toolbox in an existing project, you need to upgrade the Toolbox and its relevant peer dependencies.

If you are using npm 7 or later, you just need to upgrade the Toolbox and npm will handle the rest:

npm install @nomicfoundation/hardhat-toolbox@3

If you are using yarn or an older version of npm, you’ll need to manually upgrade all the relevant packages and remove the ones that are no longer needed:

# upgrade relevant packages
yarn add @nomicfoundation/hardhat-toolbox@3 @nomicfoundation/hardhat-chai-matchers@2 @nomicfoundation/hardhat-ethers@3 @nomicfoundation/hardhat-verify @typechain/ethers-v6 @typechain/hardhat@8 ethers@6

# remove packages that are no longer needed
yarn remove @ethersproject/abi @ethersproject/providers @nomiclabs/hardhat-ethers @nomiclabs/hardhat-etherscan @typechain/ethers-v5

What’s new?

Ethers v6 has several changes with respect to v5. These are some of them, but check their migration guide for the full details.

Native bigints

One of the most important changes in v6 is that now native bigints are used instead of BigNumber objects. For example, checking if an address has a positive amount of tokens is done like this in v5:

const balance = await token.balanceOf(someAddress)

if (balance.gt(0)) {

... (truncated)

Commits
  • a3ada90 Version Packages
  • 3ee20fc chore: bump edr version to 0.3.1
  • 0f0f470 test: fix assert.isDefined issue
  • 6694140 chore: loosen typescript peer dep for viem toolbox
  • 49f4ffe chore: bump the version of Ignition in toolboxes
  • 90c3f41 Add default tab for new combination
  • ac43eec remove ignition-core as peer dep
  • 4da8ba6 update boilerplate docs
  • 137ee9a docs: revert the change to project setup
  • 779c167 docs: clarify module file in deploying guide
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by kanej, a new releaser for @nomicfoundation/hardhat-toolbox since your current version.


Updates hardhat from 2.14.0 to 2.22.5

Release notes

Sourced from hardhat's releases.

Hardhat v2.22.5

This release re-enables support for hardhat-tracer and adds limited support for blob transactions, along with performance improvements and bug fixes.

Changelog

  • f65dc7c: Improved the validation of network and forking URLs (thanks @kshyun28!)
  • 5d46baa: Internal changes to allow hardhat-tracer to be re-enabled with Hardhat after the EDR upgrade
  • 6e36f3f: Bump EDR to v0.4.0. This adds support for eth_maxPriorityFeePerGas, limited support for blob transactions, improves performance and fixes some bugs. Check out the v0.4.0 EDR release and v0.3.8 EDR release for more details.

💡 The Nomic Foundation is hiring! Check our open positions.


Hardhat v2.22.4

This release includes bug fixes, performance enhancements, and an improvement to the task system to support BigInt arguments.

Changelog

  • 22bcbf5: Added BigInt task argument type.
  • 2c533f0: Bumped EDR dependency to 0.3.7.
  • 3203639: Fixed an issue in the solidity source map decoding module.
  • 5d7a604: Fixed an issue with solc version selection.
  • 3c6de8f: Now solcjs is run in a subprocess, which leads to better error reporting and allows it to run multiple compilation jobs at the same time.
  • 6447e80: Improved performance by reducing back-and-forth with EDR when it's not necessary.


hardhat@2.22.3

A small bug fix release that improves the error messaging around failed installs of EDR (Hardhat network).

Changelog

  • 6466e3a: A proper error is now thrown when requiring EDR fails
  • ae62841: Upgrade EDR to version 0.3.5
  • 679d8a5: Report HH18 to Sentry.


Hardhat v2.22.2

This release introduces a small change to the initialization process of Hardhat, which makes the task runner more extensible.

Changelog

  • 7876104: Initialize the Hardhat Runtime Environment before passing the command line arguments. Thanks @theethernaut!

Hardhat v2.22.1

This release updates the starter projects available through hardhat init to include Hardhat Ignition as the default deployment system.

... (truncated)

Commits
  • f579adc Version Packages
  • 0c7b68e Merge pull request #5195 from NomicFoundation/hardhat-tracer-support
  • b45eb94 Fix pnpm wrongly handling deep peer deps
  • 3c27724 Update pnpm-lock.yaml
  • 0b8e781 Merge branch 'main' into hardhat-tracer-support
  • 001b948 Bump EDR dependency to ^0.4.0
  • d2ce024 Merge pull request #5290 from NomicFoundation/main-pnpm-9
  • 5fcf38e Migrate to pnpm 9
  • 389f9fe Merge remote-tracking branch 'refs/remotes/origin/hardhat-tracer-support' int...
  • 06171bd Merge branch 'main' into hardhat-tracer-support
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by kanej, a new releaser for hardhat since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kava-Labs/kava/network/alerts).

drklee3 commented 3 weeks ago

hardhat still uses an old version of @ethersproject/abi@5.7.0 with the affected version of ws

Not affected as we do not use the contracts package for any production services that would use ws and only for smart contract development & testing.
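
Added example, not part of this PR or of the Kava repository: the triage above depends on which copies of ws remain in the installed tree and whether they are dev-only. This sketch walks the `packages` map of an npm lockfile and reports every copy against the 7.5.10 target of this bump; the sample lockfile, the `example-dep` package and all function names are constructed for illustration.

```javascript
// Constructed sample in npm lockfile v2/v3 shape; "example-dep" is hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "contracts" },
    "node_modules/hardhat": { version: "2.22.5", dev: true },
    "node_modules/ws": { version: "7.5.10", dev: true },
    "node_modules/example-dep": { version: "1.0.0", dev: true },
    "node_modules/example-dep/node_modules/ws": { version: "7.4.6", dev: true },
    "node_modules/wsx": { version: "7.0.0" }, // similar name, must not match
  },
};

// Parse "x.y.z" (ignoring any pre-release suffix) into [x, y, z], or null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is strictly lower than b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Report every installed copy of `name`, hoisted or nested under another package.
function auditCopies(lock, name, minVersion) {
  const min = parseVersion(minVersion);
  if (!min) throw new TypeError("minVersion must look like x.y.z");
  const suffix = "node_modules/" + name;
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const ver = parseVersion(meta.version);
    let status = "ok";
    if (!ver) status = "unparseable";
    else if (ver[0] !== min[0]) status = "other-major"; // check that release line separately
    else if (isBelow(ver, min)) status = "below-minimum";
    // The path prefix names the package that carries this nested copy.
    const parent = path.slice(0, path.length - suffix.length).replace(/\/$/, "") || "(root)";
    findings.push({ path, version: meta.version, parent, devOnly: meta.dev === true, status });
  }
  return findings;
}
```

A `below-minimum` finding with `devOnly: true` matches the situation described in the comment above; a finding without the dev flag would mean the old copy is part of the production install.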

dependabot[bot] commented 3 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.