Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump @openzeppelin/contracts from 4.7.0 to 4.7.2 #175

Merged
merged 1 commit into from
Aug 1, 2022
Merged

chore(deps-dev): bump @openzeppelin/contracts from 4.7.0 to 4.7.2 #175

merged 1 commit into from
Aug 1, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 28, 2022

Bumps @openzeppelin/contracts from 4.7.0 to 4.7.2.

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.7.1

⚠️ This is a patch for a medium severity issue affecting SignatureChecker and a high severity issue affecting ERC165Checker. For more information visit the security advisories (1, 2).

  • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
  • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)
Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.7.2

  • LibArbitrumL2, CrossChainEnabledArbitrumL2: Fixed detection of cross-chain calls for EOAs. Previously, calls from EOAs would be classified as cross-chain calls. (#3578)
  • GovernorVotesQuorumFraction: Fixed quorum updates so they do not affect past proposals that failed due to lack of quorum. (#3561)
  • ERC165Checker: Added protection against large returndata. (#3587)

4.7.1

  • SignatureChecker: Fix an issue that causes isValidSignatureNow to revert when the target contract returns ill-encoded data. (#3552)
  • ERC165Checker: Fix an issue that causes supportsInterface to revert when the target contract returns ill-encoded data. (#3552)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump @openzeppelin/contracts from 4.7.0 to 4.7.2
008beb0 
Bumps [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) from 4.7.0 to 4.7.2.
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.7.0...v4.7.2)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file Type: Security Patch🛡️ labels Jul 28, 2022
@dependabot dependabot bot mentioned this pull request Jul 28, 2022
Closed
@netlify
Copy link

netlify bot commented Jul 28, 2022
edited
Loading

Deploy Preview for kleros-v2 failed.

Name Link
🔨 Latest commit 008beb0
🔍 Latest deploy log https://app.netlify.com/sites/kleros-v2/deploys/62e21eace9244f0008a2a312

@sonarcloud
Copy link

sonarcloud bot commented Jul 28, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@codeclimate
Copy link

codeclimate bot commented Jul 28, 2022

Code Climate has analyzed commit 008beb0 and detected 0 issues on this pull request.

View more on Code Climate.

@jaybuidl jaybuidl changed the base branch from master to chore/patches August 1, 2022 19:19
@jaybuidl jaybuidl merged commit 8f6475f into chore/patches Aug 1, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/openzeppelin/contracts-4.7.2 branch August 1, 2022 19:21
@jaybuidl jaybuidl added this to the prealpha-3 milestone Aug 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jaybuidl jaybuidl

@alcercu alcercu

Labels
dependencies Pull requests that update a dependency file Type: Security Patch🛡️
Projects
None yet
Milestone
prealpha-3
Development

Successfully merging this pull request may close these issues.
2 participants
@jaybuidl @alcercu