build(deps): bump @openzeppelin/contracts from 3.4.1 to 4.7.2

Bumps @openzeppelin/contracts from 3.4.1 to 4.7.2.

Release notes

Sourced from @openzeppelin/contracts's releases.

v4.7.2

:warning: This is a patch for three issues, including a high severity issue in GovernorVotesQuorumFraction. For more information visit the security advisories (1, 2, 3).

GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)

ERC165Checker: Added protection against large returndata. (#3587)

LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)

v4.7.1

:warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)

ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

v4.7.0

TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)

CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)

ERC20FlashMint: Add customizable flash fee receiver. (#3327)

ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)

SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)

Math: add a mulDiv function that can round the result either up or down. (#3171)

Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)

Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)

EnumerableMap: add new UintToUintMap map type. (#3338)

EnumerableMap: add new Bytes32ToUintMap map type. (#3416)

SafeCast: add support for many more types, using procedural code generation. (#3245)

MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)

MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)

ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))

ERC721: removed redundant require statement. (#3434)

PaymentSplitter: add releasable getters. (#3350)

Initializable: refactored implementation of modifiers for easier understanding. (#3450)

Proxies: remove runtime check of ERC1967 storage slots. (#3455)

Breaking changes

Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

v4.7.0-rc.0

This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

See the announcement for more details.

v4.6.0

crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)

AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)

EnumerableMap: add new AddressToUintMap map type. (#3150)

EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)

ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)

... (truncated)

Changelog

Sourced from @openzeppelin/contracts's changelog.

4.7.2

LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)

GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)

ERC165Checker: Added protection against large returndata. (#3587)

4.7.1

SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)

ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

4.7.0 (2022-06-29)

TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)

CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)

ERC20FlashMint: Add customizable flash fee receiver. (#3327)

ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)

SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)

Math: add a mulDiv function that can round the result either up or down. (#3171)

Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)

Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)

EnumerableMap: add new UintToUintMap map type. (#3338)

EnumerableMap: add new Bytes32ToUintMap map type. (#3416)

SafeCast: add support for many more types, using procedural code generation. (#3245)

MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)

MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)

ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))

ERC721: removed redundant require statement. (#3434)

PaymentSplitter: add releasable getters. (#3350)

Initializable: refactored implementation of modifiers for easier understanding. (#3450)

Proxies: remove runtime check of ERC1967 storage slots. (#3455)

Breaking changes

Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

4.6.0 (2022-04-26)

crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)

AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)

EnumerableMap: add new AddressToUintMap map type. (#3150)

EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)

ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)

ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)

draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)

ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)

ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)

DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)

Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)

Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)

... (truncated)

Commits

64e4820 4.7.2
b66fe16 Update changelog
8fb5f57 Avoid returnbomb in ERC165Checker (#3587)
67b2572 Keep track of historical quorum values (#3561)
4337192 Fix arbitrum L1 to L2 crosschain call detection (#3578)
41c7b25 Fix error in documentation and typo (#3567)
e15862f Remove test for feature not in 4.7
3b8b4ba 4.7.1
212de08 Fix issues caused by abi.decode reverting (#3552)
8c49ad7 4.7.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

rsksmart / rif-marketplace-storage

build(deps): bump @openzeppelin/contracts from 3.4.1 to 4.7.2 #404

v4.7.2

v4.7.1

v4.7.0

Breaking changes

v4.7.0-rc.0

v4.6.0

4.7.2

4.7.1

4.7.0 (2022-06-29)

Breaking changes

4.6.0 (2022-04-26)