:warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).
SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)
v4.7.0
TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
Math: add a mulDiv function that can round the result either up or down. (#3171)
Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
EnumerableMap: add new UintToUintMap map type. (#3338)
EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
SafeCast: add support for many more types, using procedural code generation. (#3245)
MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
EnumerableMap: add new AddressToUintMap map type. (#3150)
EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)
ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
Math: add a mulDiv function that can round the result either up or down. (#3171)
Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
EnumerableMap: add new UintToUintMap map type. (#3338)
EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
SafeCast: add support for many more types, using procedural code generation. (#3245)
MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
Initializable: refactored implementation of modifiers for easier understanding. (#3450)
Proxies: remove runtime check of ERC1967 storage slots. (#3455)
Breaking changes
Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.
4.6.0 (2022-04-26)
crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
EnumerableMap: add new AddressToUintMap map type. (#3150)
EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)
Governor: rewording of revert reason for consistency. (#3275)
Governor: fix an inconsistency in data locations that could lead to invalid bytecode being produced. (#3295)
Governor: Implement IERC721Receiver and IERC1155Receiver to improve token custody by governors. (#3230)
TimelockController: Implement IERC721Receiver and IERC1155Receiver to improve token custody by timelocks. (#3230)
TimelockController: Add a separate canceller role for the ability to cancel. (#3165)
Initializable: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. (#3232)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ProjectOpenSea/opensea-creatures/network/alerts).
dependabot[bot]
commented
2 years ago
Bumps @openzeppelin/contracts from 4.4.0 to 4.7.1.
Release notes
Sourced from
@openzeppelin/contracts's releases.... (truncated)
Changelog
Sourced from
@openzeppelin/contracts's changelog.... (truncated)
Commits
3b8b4ba4.7.1212de08Fix issues caused by abi.decode reverting (#3552)8c49ad74.7.00b238a5Minor wording fixesERC4626contract (#3510)e4748fbSupport memory arrays in MerkleTree multiproof (#3493)b971092Make ERC4626 _deposit and _withdraw internal virtual (#3504)4307d74Add a caution note to ERC4626 about EOA access (#3503)1e7d735Clarify PaymentSplitter shares are static029706dFix check for generated code when last updated is a release candidate97c46a7Output diff when test:generation failsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ProjectOpenSea/opensea-creatures/network/alerts).