Bump the npm_and_yarn group across 4 directories with 7 updates #30

dependabot · 2024-04-23T03:28:53Z

Bumps the npm_and_yarn group with 4 updates in the /packages/app directory: cross-fetch, express, minimist and tar.
Bumps the npm_and_yarn group with 6 updates in the /packages/evm directory:

Package	From	To
cross-fetch	`2.2.5`	`2.2.6`
express	`4.17.1`	`4.19.2`
minimist	`1.2.5`	`1.2.8`
qs	`6.5.2`	`6.5.3`
@openzeppelin/contracts	`4.3.1`	`4.9.6`
@openzeppelin/contracts-upgradeable	`4.3.1`	`4.9.6`

Bumps the npm_and_yarn group with 2 updates in the /packages/sdk directory: express and minimist.
Bumps the npm_and_yarn group with 1 update in the /packages/subgraph directory: tar.

Updates cross-fetch from 2.2.5 to 2.2.6

Commits

bfe5fe2 2.2.6
1a89b66 added caret range to whatwg-fetch.
695a888 removed and disabled package-lock.json.
eac6c00 Update away from vulnerable version of node-fetch (#135)
See full diff in compare view

Updates express from 4.17.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates tar from 6.1.11 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

57493ee #332 ensuring close event is emited after stream has ended (@webark)

b003c64 #314 replace deprecated String.prototype.substr() (#314) (@CommanderRoot, @lukekarrys)

Documentation

f129929 #313 remove dead link to benchmarks (#313) (@yetzt)

c1faa9f add examples/explanation of using tar.t (@isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.0

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

Add support for brotli compression

Add maxDepth option to prevent extraction into excessively deep folders.

6.1

remove dead link to benchmarks (#313) (@yetzt)

add examples/explanation of using tar.t (@isaacs)

ensure close event is emited after stream has ended (@webark)

replace deprecated String.prototype.substr() (@CommanderRoot, @lukekarrys)

6.0

Drop support for node 6 and 8

fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

Address unpack race conditions using path reservations

Change large-numbers errors from TypeError to Error

Add TAR_* error codes

Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive

do not treat ignored entries as an invalid archive

drop support for node v4

unpack: conditionally use a file mapping to write files on Windows

Set more portable 'mode' value in portable mode

Set portable gzip option in portable mode

... (truncated)

Commits

bef7b1e 6.2.1
fe8cd57 prevent extraction in excessively deep subfolders
fe7ebfd remove security.md
5bc9d40 6.2.0
fe1ef5e changelog 6.2
e483220 get rid of npm lint stuff
689928a ci that works outside of npm org
db6f539 file inference improvements for .tbr and .tgz
336fa8f refactor: dry and other pr comments
eeba222 chore: lint fixes
Additional commits viewable in compare view

Updates cross-fetch from 2.2.5 to 2.2.6

Commits

bfe5fe2 2.2.6
1a89b66 added caret range to whatwg-fetch.
695a888 removed and disabled package-lock.json.
eac6c00 Update away from vulnerable version of node-fetch (#135)
See full diff in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3
ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
12ac1c4 [meta] fix README.md (#399)
0338716 [actions] backport actions from main
5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
51b8a0b add FUNDING.yml
45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
f814a7f [Dev Deps] backport from main
Additional commits viewable in compare view

Updates @openzeppelin/contracts from 4.3.1 to 4.9.6

Release notes

Sourced from @openzeppelin/contracts's releases.

v4.9.6

Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)

ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)

ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)

EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)

Governor: add a public cancel(uint256) function. (#3983)

Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)

Strings: add equal method. (#3774)

IERC5313: Add an interface for EIP-5313 that is now final. (#4013)

IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)

StorageSlot: Add support for string and bytes. (#4008)

Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)

ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)

Strings: add toString method for signed integers. (#3773)

ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)

EIP712: add EIP-5267 support for better domain discovery. (#3969)

AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)

SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)

SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

... (truncated)

Changelog

Sourced from @openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)

ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)

ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)

EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)

Governor: add a public cancel(uint256) function. (#3983)

Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)

Strings: add equal method. (#3774)

IERC5313: Add an interface for EIP-5313 that is now final. (#4013)

IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)

StorageSlot: Add support for string and bytes. (#4008)

Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)

ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)

Strings: add toString method for signed integers. (#3773)

ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)

EIP712: add EIP-5267 support for better domain discovery. (#3969)

AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)

SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)

SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)

ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)

ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)

ERC721URIStorage: Emit ERC-490...
Description has been truncated

Bumps the npm_and_yarn group with 4 updates in the /packages/app directory: [cross-fetch](https://github.com/lquixada/cross-fetch), [express](https://github.com/expressjs/express), [minimist](https://github.com/minimistjs/minimist) and [tar](https://github.com/isaacs/node-tar). Bumps the npm_and_yarn group with 6 updates in the /packages/evm directory: | Package | From | To | | --- | --- | --- | | [cross-fetch](https://github.com/lquixada/cross-fetch) | `2.2.5` | `2.2.6` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `4.3.1` | `4.9.6` | | [@openzeppelin/contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) | `4.3.1` | `4.9.6` | Bumps the npm_and_yarn group with 2 updates in the /packages/sdk directory: [express](https://github.com/expressjs/express) and [minimist](https://github.com/minimistjs/minimist). Bumps the npm_and_yarn group with 1 update in the /packages/subgraph directory: [tar](https://github.com/isaacs/node-tar). Updates `cross-fetch` from 2.2.5 to 2.2.6 - [Release notes](https://github.com/lquixada/cross-fetch/releases) - [Changelog](https://github.com/lquixada/cross-fetch/blob/v4.x/CHANGELOG.md) - [Commits](lquixada/cross-fetch@v2.2.5...v2.2.6) Updates `express` from 4.17.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.2...4.19.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `tar` from 6.1.11 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `cross-fetch` from 2.2.5 to 2.2.6 - [Release notes](https://github.com/lquixada/cross-fetch/releases) - [Changelog](https://github.com/lquixada/cross-fetch/blob/v4.x/CHANGELOG.md) - [Commits](lquixada/cross-fetch@v2.2.5...v2.2.6) Updates `express` from 4.17.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.2...4.19.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `@openzeppelin/contracts` from 4.3.1 to 4.9.6 - [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases) - [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md) - [Commits](OpenZeppelin/openzeppelin-contracts@v4.3.1...v4.9.6) Updates `@openzeppelin/contracts-upgradeable` from 4.3.1 to 4.9.6 - [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases) - [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/CHANGELOG.md) - [Commits](OpenZeppelin/openzeppelin-contracts-upgradeable@v4.3.1...v4.9.6) Updates `express` from 4.18.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.2...4.19.2) Updates `minimist` from 1.2.6 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `tar` from 6.2.0 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) --- updated-dependencies: - dependency-name: cross-fetch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-fetch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@openzeppelin/contracts" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@openzeppelin/contracts-upgradeable" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 4 directories with 7 updates #30

Bump the npm_and_yarn group across 4 directories with 7 updates #30

dependabot bot commented on behalf of github Apr 23, 2024

Bump the npm_and_yarn group across 4 directories with 7 updates #30

Are you sure you want to change the base?

Bump the npm_and_yarn group across 4 directories with 7 updates #30

Conversation

dependabot bot commented on behalf of github Apr 23, 2024

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

v6.1.13

6.1.13 (2022-12-07)

Dependencies

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

Documentation

Changelog

7.0

6.2

6.1

6.0

5.0

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

6.5.3

v4.9.6

v4.9.5

v4.9.4

v4.9.3

v4.9.2

v4.9.1

v4.9.0

4.9.6 (2024-02-29)

4.9.5 (2023-12-08)

4.9.3 (2023-07-28)

4.9.2 (2023-06-16)

4.9.1 (2023-06-07)

4.9.0 (2023-05-23)