learn-ocean / ocean-academy

Official repo of Ocean Academy
https://OceanAcademy.io
MIT License
33 stars 17 forks source link

Bump undici and hardhat #138

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps undici and hardhat. These dependencies needed to be updated together. Updates undici from 4.16.0 to 5.9.1

Release notes

Sourced from undici's releases.

v5.9.1

What's Changed

New Contributors

Full Changelog: https://github.com/nodejs/undici/compare/v5.8.2...v5.9.1

v5.8.2

⚠️ Security Release ⚠️

  • CRLF Injection in Nodejs ‘undici’ via Content-Type GHSA-f772-66g8-q5h3 CVE-2022-35948
  • undici.request vulnerable to SSRF using absolute URL on pathname GHSA-8qr4-xgw6-wmr3 CVE-2022-35949

What's Changed

New Contributors

Full Changelog: https://github.com/nodejs/undici/compare/v5.8.1...v5.8.2

v5.8.1

What's Changed

New Contributors

... (truncated)

Commits
  • 5890e16 5.9.1
  • ecae314 fix: don't timeout while waiting for client to send request (#1604)
  • fa9fd90 fix(File): respect typed array byteOffset and byteLength (#1601)
  • ae6f554 fix: add support for integrity option to Fetch (#1596)
  • deed628 fix(fetch): implement fully read body algorithm (#1597)
  • 0d1419c Fix array headers (#1598)
  • 52d1ce5 Bumped v5.8.2
  • 66165d6 Merge pull request from GHSA-f772-66g8-q5h3
  • 124f7eb Merge pull request from GHSA-8qr4-xgw6-wmr3
  • aef314c feat(webidl): better error message for ByteString converter (#1591)
  • Additional commits viewable in compare view


Updates hardhat from 2.9.3 to 2.10.2

Release notes

Sourced from hardhat's releases.

Hardhat v2.10.2

This version adds support for Solidity versions up through 0.8.16. Besides that:

  • Now console.log() prints an empty line instead of printing undefined.
  • The "Unrecognized custom error" message includes the selector of the custom error.

Hardhat v2.10.1

This version improves how propagated Solidity errors are processed by Hardhat (issue #2546).

Hardhat 2.10.0: A refreshed experience

Hardhat 2.10.0 is out, and it marks a change in the product direction that Hardhat has historically taken.

Hardhat’s core values have always been optionality, flexibility and extensibility, enabling it to be used in whatever ways were needed and found to be useful. However, as we described in this thread, the Ethereum and Hardhat development ecosystems grew too large for easy navigation among the many different paths and viable options.

While retaining those core values, Hardhat 2.10.0 now offers a complete and opinionated setup that is ready to start building Ethereum software out-of-the-box. No decisions on plugins, libraries, or dependencies. Just get going.

We’re calling this the Hardhat Toolbox, which is a bundle of plugins and functionality that the Nomic Foundation team considers to be the best way to get started with a new Ethereum project. Read on to learn more about it.

Hardhat Toolbox

You can get our recommended setup by installing the @nomicfoundation/hardhat-toolbox plugin.

When you use this plugin, you'll be able to:

  • Deploy and interact with your contracts using ethers.js and the hardhat-ethers plugin.
  • Test your contracts with Mocha, Chai and our own Hardhat Chai Matchers plugin.
  • Interact with Hardhat Network with our Hardhat Network Helpers.
  • Verify the source code of your contracts with the hardhat-etherscan plugin.
  • Get metrics on the gas used by your contracts with the hardhat-gas-reporter plugin.
  • Measure your tests coverage with solidity-coverage.
  • And, if you are using TypeScript, get type bindings for your contracts with Typechain.

You can learn how to migrate to it here.

Hardhat Chai Matchers

@nomicfoundation/hardhat-chai-matchers is a drop-in replacement of @nomiclabs/hardhat-waffle that integrates more tightly with Hardhat, adds new functionality and improves its error messages. We recommend migrating to it.

Since the very beginning, we’ve recommended that people use Waffle, via hardhat-waffle, and we thank the team at TrueFi for their great work. However, for such a core component of the setup, there were too many recurring issues related to not being integrated deeply enough with Hardhat. For this reason, we decided to fork Waffle and release our own Chai matchers.

Some of its functionality and improvements:

  • All of hardhat-waffle’s matchers are supported
  • Great support for BigNumber and native bigint
    • No need to think about them anymore
    • Our matchers can compare any combination of
      • number
      • Native bigint
      • ethers.BigNumber
      • BN.js

... (truncated)

Commits
  • 3e55c74 Version Packages
  • 68cc513 Merge pull request #3044 from NomicFoundation/changeset-sol-v0.8.16
  • 4b20a74 Update tricky-horses-talk.md
  • 3e3fe7b Add changeset for support of Solidity 0.8.16
  • 5beaf0b Merge pull request #3026 from NomicFoundation/gene/hh-434
  • 85bd04e Merge pull request #2973 from NomicFoundation/gene/hh-973
  • 3644e3a Merge pull request #3010 from wchargin/wchargin-hardhat-common-peer-dep
  • 36ca875 Create popular-fishes-doubt.md
  • e4ed14f Merge pull request #3032 from NomicFoundation/gene/hh-1043
  • 3be1ded allow manual triggering of tracing CI test
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/learn-ocean/ocean-academy/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #164.