Scaffold-Eth 🏗 examples repo

  • By scaffold-eth
  • Last update: Jan 2, 2023
  • Comments: 17

🏗 Scaffold-ETH

everything you need to build on Ethereum! 🚀

🧪 Quickly experiment with Solidity using a frontend that adapts to your smart contract:

image

🏄‍♂️ Quick Start

Prerequisites: Node plus Yarn and Git

clone/fork 🏗 scaffold-eth:

git clone https://github.com/scaffold-eth/scaffold-eth-examples.git

install and start your 👷‍ Hardhat chain:

cd scaffold-eth-examples
yarn install
yarn chain

in a second terminal window, start your 📱 frontend:

cd scaffold-eth-examples
yarn start

in a third terminal window, 🛰 deploy your contract:

cd scaffold-eth-examples
yarn deploy

🔏 Edit your smart contract YourContract.sol in packages/hardhat/contracts

📝 Edit your frontend App.jsx in packages/react-app/src

💼 Edit your deployment scripts in packages/hardhat/deploy

📱 Open http://localhost:3000 to see the app

📚 Documentation

Documentation, tutorials, challenges, and many more resources, visit: docs.scaffoldeth.io

🔭 Learning Solidity

📕 Read the docs: https://docs.soliditylang.org

📚 Go through each topic from solidity by example editing YourContract.sol in 🏗 scaffold-eth

📧 Learn the Solidity globals and units

🛠 Buidl

Check out all the active branches, open issues, and join/fund the 🏰 BuidlGuidl!

💬 Support Chat

Join the telegram support chat 💬 to ask questions and find others building with 🏗 scaffold-eth!


🙏 Please check out our Gitcoin grant too!

Github

https://github.com/scaffold-eth/scaffold-eth-examples

Comments(17)

  • 1

    Bump @openzeppelin/contracts from 4.3.3 to 4.7.2

    Bumps @openzeppelin/contracts from 4.3.3 to 4.7.2.

    Release notes

    Sourced from @​openzeppelin/contracts's releases.

    v4.7.2

    :warning: This is a patch for three issues, including a high severity issue in GovernorVotesQuorumFraction. For more information visit the security advisories (1, 2, 3).

    1. GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)
    2. ERC165Checker: Added protection against large returndata. (#3587)
    3. LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)

    v4.7.1

    :warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    v4.7.0

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    v4.7.0-rc.0

    This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

    We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

    See the announcement for more details.

    v4.6.0

    • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
    • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
    • EnumerableMap: add new AddressToUintMap map type. (#3150)
    • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
    • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)

    ... (truncated)

    Changelog

    Sourced from @​openzeppelin/contracts's changelog.

    4.7.2

    • LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)
    • GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)
    • ERC165Checker: Added protection against large returndata. (#3587)

    4.7.1

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    4.7.0 (2022-06-29)

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    4.6.0 (2022-04-26)

    • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
    • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
    • EnumerableMap: add new AddressToUintMap map type. (#3150)
    • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
    • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
    • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
    • draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
    • ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
    • ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
    • DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
    • Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
    • Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 2

    Bump @openzeppelin/contracts from 4.3.3 to 4.7.1

    Bumps @openzeppelin/contracts from 4.3.3 to 4.7.1.

    Release notes

    Sourced from @​openzeppelin/contracts's releases.

    v4.7.1

    :warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    v4.7.0

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    v4.7.0-rc.0

    This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

    We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

    See the announcement for more details.

    v4.6.0

    • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
    • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
    • EnumerableMap: add new AddressToUintMap map type. (#3150)
    • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
    • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
    • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
    • draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
    • ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
    • ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
    • DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
    • Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
    • Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)

    ... (truncated)

    Changelog

    Sourced from @​openzeppelin/contracts's changelog.

    4.7.1

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    4.7.0 (2022-06-29)

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    4.6.0 (2022-04-26)

    • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
    • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
    • EnumerableMap: add new AddressToUintMap map type. (#3150)
    • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
    • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
    • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)
    • draft-ERC20Permit: replace immutable with constant for _PERMIT_TYPEHASH since the keccak256 of string literals is treated specially and the hash is evaluated at compile time. (#3196)
    • ERC1155: Add a _afterTokenTransfer hook for improved extensibility. (#3166)
    • ERC1155URIStorage: add a new extension that implements a _setURI behavior similar to ERC721's _setTokenURI. (#3210)
    • DoubleEndedQueue: a new data structure that supports efficient push and pop to both front and back, useful for FIFO and LIFO queues. (#3153)
    • Governor: improved security of onlyGovernance modifier when using an external executor contract (e.g. a timelock) that can operate without necessarily going through the governance protocol. (#3147)
    • Governor: Add a way to parameterize votes. This can be used to implement voting systems such as fractionalized voting, ERC721 based voting, or any number of other systems. The params argument added to _countVote method, and included in the newly added _getVotes method, can be used by counting and voting modules respectively for such purposes. (#3043)
    • Governor: rewording of revert reason for consistency. (#3275)
    • Governor: fix an inconsistency in data locations that could lead to invalid bytecode being produced. (#3295)
    • Governor: Implement IERC721Receiver and IERC1155Receiver to improve token custody by governors. (#3230)
    • TimelockController: Implement IERC721Receiver and IERC1155Receiver to improve token custody by timelocks. (#3230)
    • TimelockController: Add a separate canceller role for the ability to cancel. (#3165)
    • Initializable: add a reinitializer modifier that enables the initialization of new modules, added to already initialized contracts through upgradeability. (#3232)

    ... (truncated)

    Commits
    • 3b8b4ba 4.7.1
    • 212de08 Fix issues caused by abi.decode reverting (#3552)
    • 8c49ad7 4.7.0
    • 0b238a5 Minor wording fixes ERC4626 contract (#3510)
    • e4748fb Support memory arrays in MerkleTree multiproof (#3493)
    • b971092 Make ERC4626 _deposit and _withdraw internal virtual (#3504)
    • 4307d74 Add a caution note to ERC4626 about EOA access (#3503)
    • 1e7d735 Clarify PaymentSplitter shares are static
    • 029706d Fix check for generated code when last updated is a release candidate
    • 97c46a7 Output diff when test:generation fails
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 3

    Mumbai network is not defined

    Describe the bug The mumbai network is not defined as described in the readme for the Matic NFT tutorial

    To Reproduce Steps to reproduce the behavior:

    1. Checkout matic-nft-tutorial and yarn install
    2. Switch defaultNetwork to mumbai (It's not currently defined)
    3. Run yarn generate

    Expected behavior The mnemonic to be generated as described in the readme

    Screenshots image

  • 4

    Cyberconnect starter kit

    Hi, this is the CyberConnect Starter kit. Thank you again for the opportunity to contribute to Scaffold-eth. Please let me know if there is any question or problem. Thank you!

  • 5

    Bump url-parse from 1.5.3 to 1.5.10

    Bumps url-parse from 1.5.3 to 1.5.10.

    Commits
    • 8cd4c6c 1.5.10
    • ce7a01f [fix] Improve handling of empty port
    • 0071490 [doc] Update JSDoc comment
    • a7044e3 [minor] Use more descriptive variable name
    • d547792 [security] Add credits for CVE-2022-0691
    • ad23357 1.5.9
    • 0e3fb54 [fix] Strip all control characters from the beginning of the URL
    • 61864a8 [security] Add credits for CVE-2022-0686
    • bb0104d 1.5.8
    • d5c6479 [fix] Handle the case where the port is specified but empty
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 6

    Bump url-parse from 1.5.3 to 1.5.7

    Bumps url-parse from 1.5.3 to 1.5.7.

    Commits
    • 8b3f5f2 1.5.7
    • ef45a13 [fix] Readd the empty userinfo to url.href (#226)
    • 88df234 [doc] Add soft deprecation notice
    • 78e9f2f [security] Fix nits
    • e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
    • 4c9fa23 1.5.6
    • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
    • e4a5807 1.5.5
    • 193b44b [minor] Simplify whitespace regex
    • 319851b [fix] Remove CR, HT, and LF
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 7

    Bump nanoid from 3.1.23 to 3.2.0

    Bumps nanoid from 3.1.23 to 3.2.0.

    Changelog

    Sourced from nanoid's changelog.

    Change Log

    This project adheres to Semantic Versioning.

    3.2

    • Added --size and --alphabet arguments to binary (by Vitaly Baev).

    3.1.32

    • Reduced async exports size (by Artyom Arutyunyan).
    • Moved from Jest to uvu (by Vitaly Baev).

    3.1.31

    • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

    3.1.30

    • Reduced size for project with brotli compression (by Anton Khlynovskiy).

    3.1.29

    • Reduced npm package size.

    3.1.28

    • Reduced npm package size.

    3.1.27

    • Cleaned dependencies from development tools.

    3.1.26

    • Improved performance (by Eitan Har-Shoshanim).
    • Reduced npm package size.

    3.1.25

    • Fixed browserify support.

    3.1.24

    • Fixed browserify support (by Artur Paikin).
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 8

    Bump @openzeppelin/contracts from 4.3.3 to 4.4.2

    Bumps @openzeppelin/contracts from 4.3.3 to 4.4.2.

    Release notes

    Sourced from @​openzeppelin/contracts's releases.

    v4.4.2

    :warning: This is a patch for a medium severity issue. For more information visit the security advisory.

    • GovernorCompatibilityBravo: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. (#3100)

    v4.4.1

    :warning: This is a patch for a low severity vulnerability. For more information visit the security advisory.

    • Initializable: change the existing initializer modifier and add a new onlyInitializing modifier to prevent reentrancy risk. (#3006)

    Breaking change

    It is no longer possible to call an initializer-protected function from within another initializer function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new onlyInitializing modifier in the following way:

     contract A {
    -    function initialize() public   initializer { ... }
    +    function initialize() internal onlyInitializing { ... }
     }
     contract B is A {
         function initialize() public initializer {
             A.initialize();
         }
     }
    

    v4.4.0

    Check out the first OpenZeppelin Community Call where the team discussed everything that is included in this release.

    And if you missed it, we recently announced an official bug bounty program for OpenZeppelin Contracts. Check it out!

    • Ownable: add an internal _transferOwnership(address). (#2568)
    • AccessControl: add internal _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2568)
    • AccessControl: mark _setupRole(bytes32,address) as deprecated in favor of _grantRole(bytes32,address). (#2568)
    • AccessControlEnumerable: hook into _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2946)
    • EIP712: cache address(this) to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)
    • Add internal _setApprovalForAll to ERC721 and ERC1155. (#2834)
    • Governor: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)
    • GovernorCompatibilityBravo: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)
    • GovernorSettings: a new governor module that manages voting settings updatable through governance actions. (#2904)
    • PaymentSplitter: now supports ERC20 assets in addition to Ether. (#2858)
    • ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#2865)
    • MerkleProof: add a processProof function that returns the rebuilt root hash given a leaf and a proof. (#2841)
    • VestingWallet: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)
    • Governor: enable receiving Ether when a Timelock contract is not used. (#2748)
    • GovernorTimelockCompound: fix ability to use Ether stored in the Timelock contract. (#2748)
    Changelog

    Sourced from @​openzeppelin/contracts's changelog.

    4.4.2 (2022-01-11)

    Bugfixes

    • GovernorCompatibilityBravo: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. (#3100)

    4.4.1 (2021-12-14)

    • Initializable: change the existing initializer modifier and add a new onlyInitializing modifier to prevent reentrancy risk. (#3006)

    Breaking change

    It is no longer possible to call an initializer-protected function from within another initializer function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new onlyInitializing modifier in the following way:

     contract A {
    -    function initialize() public   initializer { ... }
    +    function initialize() internal onlyInitializing { ... }
     }
     contract B is A {
         function initialize() public initializer {
             A.initialize();
         }
     }
    

    4.4.0 (2021-11-25)

    • Ownable: add an internal _transferOwnership(address). (#2568)
    • AccessControl: add internal _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2568)
    • AccessControl: mark _setupRole(bytes32,address) as deprecated in favor of _grantRole(bytes32,address). (#2568)
    • AccessControlEnumerable: hook into _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2946)
    • EIP712: cache address(this) to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)
    • Add internal _setApprovalForAll to ERC721 and ERC1155. (#2834)
    • Governor: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)
    • GovernorCompatibilityBravo: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)
    • GovernorSettings: a new governor module that manages voting settings updatable through governance actions. (#2904)
    • PaymentSplitter: now supports ERC20 assets in addition to Ether. (#2858)
    • ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#2865)
    • MerkleProof: add a processProof function that returns the rebuilt root hash given a leaf and a proof. (#2841)
    • VestingWallet: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)
    • Governor: enable receiving Ether when a Timelock contract is not used. (#2748)
    • GovernorTimelockCompound: fix ability to use Ether stored in the Timelock contract. (#2748)
    Commits
    • b53c432 4.4.2
    • 9cae52c Use abi.encodePacked instead of bytes.concat
    • 93d2d15 Make script executable
    • eff4ad7 Fix encoding of signature+calldata in GovernorCompatibilityBravo (#3100)
    • 66436cb Change release script to only update version comment for changed files (#3033)
    • 6bd6b76 4.4.1
    • 13a6ec7 Remove bad date from changelog
    • 553c8fd Update initializer modifier to prevent reentrancy during initialization (#3006)
    • 4961a51 4.4.0
    • 94a0b8f Make VestingWallet token event argument indexed (#2988)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 9

    Bump markdown-it from 12.2.0 to 12.3.2

    Bumps markdown-it from 12.2.0 to 12.3.2.

    Changelog

    Sourced from markdown-it's changelog.

    [12.3.2] - 2022-01-08

    Security

    [12.3.1] - 2022-01-07

    Fixed

    • Fix corner case when tab prevents paragraph continuation in lists, #830.

    [12.3.0] - 2021-12-09

    Changed

    • StateInline.delimiters[].jump is removed.

    Fixed

    • Fixed quadratic complexity in pathological ***<10k stars>***a***<10k stars>*** case.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 10

    Bump @openzeppelin/contracts from 4.3.3 to 4.4.1

    Bumps @openzeppelin/contracts from 4.3.3 to 4.4.1.

    Release notes

    Sourced from @​openzeppelin/contracts's releases.

    v4.4.1

    :warning: This is a patch for a low severity vulnerability. For more information visit the security advisory.

    • Initializable: change the existing initializer modifier and add a new onlyInitializing modifier to prevent reentrancy risk. (#3006)

    Breaking change

    It is no longer possible to call an initializer-protected function from within another initializer function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new onlyInitializing modifier in the following way:

     contract A {
    -    function initialize() public   initializer { ... }
    +    function initialize() internal onlyInitializing { ... }
     }
     contract B is A {
         function initialize() public initializer {
             A.initialize();
         }
     }
    

    v4.4.0

    Check out the first OpenZeppelin Community Call where the team discussed everything that is included in this release.

    And if you missed it, we recently announced an official bug bounty program for OpenZeppelin Contracts. Check it out!

    • Ownable: add an internal _transferOwnership(address). (#2568)
    • AccessControl: add internal _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2568)
    • AccessControl: mark _setupRole(bytes32,address) as deprecated in favor of _grantRole(bytes32,address). (#2568)
    • AccessControlEnumerable: hook into _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2946)
    • EIP712: cache address(this) to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)
    • Add internal _setApprovalForAll to ERC721 and ERC1155. (#2834)
    • Governor: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)
    • GovernorCompatibilityBravo: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)
    • GovernorSettings: a new governor module that manages voting settings updatable through governance actions. (#2904)
    • PaymentSplitter: now supports ERC20 assets in addition to Ether. (#2858)
    • ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#2865)
    • MerkleProof: add a processProof function that returns the rebuilt root hash given a leaf and a proof. (#2841)
    • VestingWallet: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)
    • Governor: enable receiving Ether when a Timelock contract is not used. (#2748)
    • GovernorTimelockCompound: fix ability to use Ether stored in the Timelock contract. (#2748)
    Changelog

    Sourced from @​openzeppelin/contracts's changelog.

    4.4.1 (2021-12-14)

    • Initializable: change the existing initializer modifier and add a new onlyInitializing modifier to prevent reentrancy risk. (#3006)

    Breaking change

    It is no longer possible to call an initializer-protected function from within another initializer function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new onlyInitializing modifier in the following way:

     contract A {
    -    function initialize() public   initializer { ... }
    +    function initialize() internal onlyInitializing { ... }
     }
     contract B is A {
         function initialize() public initializer {
             A.initialize();
         }
     }
    

    4.4.0 (2021-11-25)

    • Ownable: add an internal _transferOwnership(address). (#2568)
    • AccessControl: add internal _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2568)
    • AccessControl: mark _setupRole(bytes32,address) as deprecated in favor of _grantRole(bytes32,address). (#2568)
    • AccessControlEnumerable: hook into _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2946)
    • EIP712: cache address(this) to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)
    • Add internal _setApprovalForAll to ERC721 and ERC1155. (#2834)
    • Governor: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)
    • GovernorCompatibilityBravo: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)
    • GovernorSettings: a new governor module that manages voting settings updatable through governance actions. (#2904)
    • PaymentSplitter: now supports ERC20 assets in addition to Ether. (#2858)
    • ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#2865)
    • MerkleProof: add a processProof function that returns the rebuilt root hash given a leaf and a proof. (#2841)
    • VestingWallet: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)
    • Governor: enable receiving Ether when a Timelock contract is not used. (#2748)
    • GovernorTimelockCompound: fix ability to use Ether stored in the Timelock contract. (#2748)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 11

    Bump tmpl from 1.0.4 to 1.0.5

    Bumps tmpl from 1.0.4 to 1.0.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 12

    Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 13

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 14

    Bump qs from 6.5.2 to 6.5.3

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 15

    Getting "ProviderError: Invalid signature v value" with localhost network while deploying the AaveApe contract

    Describe the bug Unable to deploy the AaveApe contract

    To Reproduce Steps to reproduce the behavior:

    1. Checkout to the branch aave-ape - git checkout aave-ape
    2. yarn install
    3. Start localhost hardhat network - yarn fork
    4. Deploy the contracts in a new terminal - yarn deploy

    Expected behavior Successful deployment of the contracts

    Error log

    ProviderError: Invalid signature v value
        at HttpProvider.request (/home/aneeshakota/DEFI/scaffold-eth-examples/node_modules/hardhat/src/internal/core/providers/http.ts:46:19)
        at GanacheGasMultiplierProvider.request (/home/aneeshakota/DEFI/scaffold-eth-examples/node_modules/hardhat/src/internal/core/providers/gas-providers.ts:170:34)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
    error Command failed with exit code 1.
    info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
    

    Screenshots Please, request if screenshot would be helpful here.

    Desktop (please complete the following information):

    • OS: Linux x64 (WSL 2 Ubuntu)
    • Browser N/a
    • Version WSL 2

    Smartphone (please complete the following information):

    • Device: N/a
    • OS: N/a
    • Browser N/a
    • Version N/a
  • 16

    Bump @openzeppelin/contracts from 4.3.3 to 4.7.3

    Bumps @openzeppelin/contracts from 4.3.3 to 4.7.3.

    Release notes

    Sourced from @​openzeppelin/contracts's releases.

    v4.7.3

    :warning: This is a patch for a high severity issue. For more information visit the security advisory.

    Breaking changes

    • ECDSA: recover(bytes32,bytes) and tryRecover(bytes32,bytes) no longer accept compact signatures to prevent malleability. Compact signature support remains available using recover(bytes32,bytes32,bytes32) and tryRecover(bytes32,bytes32,bytes32).

    v4.7.2

    :warning: This is a patch for three issues, including a high severity issue in GovernorVotesQuorumFraction. For more information visit the security advisories (1, 2, 3).

    1. GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)
    2. ERC165Checker: Added protection against large returndata. (#3587)
    3. LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)

    v4.7.1

    :warning: This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    v4.7.0

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    v4.7.0-rc.0

    This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

    We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

    See the announcement for more details.

    ... (truncated)

    Changelog

    Sourced from @​openzeppelin/contracts's changelog.

    4.7.3

    Breaking changes

    • ECDSA: recover(bytes32,bytes) and tryRecover(bytes32,bytes) no longer accept compact signatures to prevent malleability. Compact signature support remains available using recover(bytes32,bytes32,bytes32) and tryRecover(bytes32,bytes32,bytes32).

    4.7.2

    • LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)
    • GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)
    • ERC165Checker: Added protection against large returndata. (#3587)

    4.7.1

    • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
    • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)

    4.7.0 (2022-06-29)

    • TimelockController: Migrate _call to _execute and allow inheritance and overriding similar to Governor. (#3317)
    • CrossChainEnabledPolygonChild: replace the require statement with the custom error NotCrossChainCall. (#3380)
    • ERC20FlashMint: Add customizable flash fee receiver. (#3327)
    • ERC4626: add an extension of ERC20 that implements the ERC4626 Tokenized Vault Standard. (#3171)
    • SafeERC20: add safePermit as mitigation against phantom permit functions. (#3280)
    • Math: add a mulDiv function that can round the result either up or down. (#3171)
    • Math: Add a sqrt function to compute square roots of integers, rounding either up or down. (#3242)
    • Strings: add a new overloaded function toHexString that converts an address with fixed length of 20 bytes to its not checksummed ASCII string hexadecimal representation. (#3403)
    • EnumerableMap: add new UintToUintMap map type. (#3338)
    • EnumerableMap: add new Bytes32ToUintMap map type. (#3416)
    • SafeCast: add support for many more types, using procedural code generation. (#3245)
    • MerkleProof: add multiProofVerify to prove multiple values are part of a Merkle tree. (#3276)
    • MerkleProof: add calldata versions of the functions to avoid copying input arrays to memory and save gas. (#3200)
    • ERC721, ERC1155: simplified revert reasons. (#3254, (#3438))
    • ERC721: removed redundant require statement. (#3434)
    • PaymentSplitter: add releasable getters. (#3350)
    • Initializable: refactored implementation of modifiers for easier understanding. (#3450)
    • Proxies: remove runtime check of ERC1967 storage slots. (#3455)

    Breaking changes

    • Initializable: functions decorated with the modifier reinitializer(1) may no longer invoke each other.

    4.6.0 (2022-04-26)

    • crosschain: Add a new set of contracts for cross-chain applications. CrossChainEnabled is a base contract with instantiations for several chains and bridges, and AccessControlCrossChain is an extension of access control that allows cross-chain operation. (#3183)
    • AccessControl: add a virtual _checkRole(bytes32) function that can be overridden to alter the onlyRole modifier behavior. (#3137)
    • EnumerableMap: add new AddressToUintMap map type. (#3150)
    • EnumerableMap: add new Bytes32ToBytes32Map map type. (#3192)
    • ERC20FlashMint: support infinite allowance when paying back a flash loan. (#3226)
    • ERC20Wrapper: the decimals() function now tries to fetch the value from the underlying token instance. If that calls revert, then the default value is used. (#3259)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 17

    "Nonce too low" error from Hardhat-network when using loogies-svg-nft with localhost

    Describe the bug Unable to confirm mint transaction with error.

    To Reproduce Steps to reproduce the behavior:

    1. yarn install, chain, deploy, start from https://github.com/scaffold-eth/scaffold-eth-examples/tree/loogies-svg-nft.
    2. Copy to clipboard link from Wallet connect.
    3. At <Punkwallet.io> choose "localhost".
    4. Grab from faucet.
    5. Insert the link and connect the wallet to the app.
    6. Mint couple of tokens.
    7. The first one I managed to get, but never another one. Metamask works kind of fine. Error from Hh network.
    eth_sendRawTransaction
    
      Nonce too low. Expected nonce to be 1 but got 0.
    

    Expected behavior Seamless tokens minting while balance allows it.

    Screenshots Please, request if screenshot would be helpful here.

    Desktop (please complete the following information):

    • OS: Linux
    • Browser Firefox
    • Version 100.0

    Smartphone (please complete the following information):

    • Device: N/a
    • OS: N/a
    • Browser N/a
    • Version N/a

    Additional context If this problem is of interest for anybody on Scaffold-ETH, let me know, so we could look into it. For me it's really hard to estimate it's impact or severity.