
build(deps-dev): bump @openzeppelin/contracts and @openzeppelin/contracts-upgradeable#133

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/npm_and_yarn/multi-40876c3f15

@dependabot dependabot Bot commented on behalf of github Apr 7, 2025

Contributor

Bumps @openzeppelin/contracts and @openzeppelin/contracts-upgradeable. These dependencies needed to be updated together.
Updates @openzeppelin/contracts from 5.0.2 to 5.2.0

Release notes

Sourced from @​openzeppelin/contracts's releases.

v5.2.0

Breaking Changes

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Errors.FailedCall with a bubbled-up revert reason in Address.sendValue.

Changes by category

General

  • Update some pragma directives to ensure that all file requirements match that of the files they import. (#5273)

Account

  • ERC4337Utils: Add a reusable library to manipulate user operations and interact with ERC-4337 contracts (#5274)
  • ERC7579Utils: Add a reusable library to interact with ERC-7579 modular accounts (#5274)

Governance

  • GovernorCountingOverridable: Add a governor counting module that enables token holders to override the vote of their delegate. (#5192)
  • VotesExtended: Create an extension of Votes which checkpoints balances and delegates. (#5192)

Proxy

  • Clones: Add cloneWithImmutableArgs and cloneDeterministicWithImmutableArgs variants that create clones with per-instance immutable arguments. The immutable arguments can be retrieved using fetchCloneArgs. The corresponding predictDeterministicWithImmutableArgs function is also included. (#5109)

Tokens

  • ERC1363Utils: Add helper similar to the existing ERC721Utils and ERC1155Utils (#5133)

Utils

  • Address: bubble up revert data on sendValue failed call (#5418)
  • Bytes: Add a library of common operations that operate on bytes objects. (#5252)
  • CAIP2 and CAIP10: Add libraries for formatting and parsing CAIP-2 and CAIP-10 identifiers. (#5252)
  • NoncesKeyed: Add a variant of Nonces that implements the ERC-4337 entrypoint nonce system. (#5272)
  • Packing: Add variants for packing bytes10 and bytes22 (#5274)
  • Strings: Add parseUint, parseInt, parseHexUint and parseAddress to parse strings into numbers and addresses. Also provide variants of these functions that parse substrings, and tryXxx variants that do not revert on invalid input. (#5166)

v5.2.0-rc.1

  • ERC7579Utils: Add ABI decoding checks on calldata bounds within decodeBatch (#5367)

v5.2.0-rc.0

Changes by category

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

5.2.0 (2025-01-08)

Breaking Changes

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Errors.FailedCall with a bubbled-up revert reason in Address.sendValue.

Changes by category

General

  • Update some pragma directives to ensure that all file requirements match that of the files they import. (#5273)

Account

  • ERC4337Utils: Add a reusable library to manipulate user operations and interact with ERC-4337 contracts (#5274)
  • ERC7579Utils: Add a reusable library to interact with ERC-7579 modular accounts (#5274)

Governance

  • GovernorCountingOverridable: Add a governor counting module that enables token holders to override the vote of their delegate. (#5192)
  • VotesExtended: Create an extension of Votes which checkpoints balances and delegates. (#5192)

Proxy

  • Clones: Add cloneWithImmutableArgs and cloneDeterministicWithImmutableArgs variants that create clones with per-instance immutable arguments. The immutable arguments can be retrieved using fetchCloneArgs. The corresponding predictDeterministicWithImmutableArgs function is also included. (#5109)

Tokens

  • ERC1363Utils: Add helper similar to the existing ERC721Utils and ERC1155Utils (#5133)

Utils

  • Address: bubble up revert data on sendValue failed call (#5418)
  • Bytes: Add a library of common operations that operate on bytes objects. (#5252)
  • CAIP2 and CAIP10: Add libraries for formatting and parsing CAIP-2 and CAIP-10 identifiers. (#5252)
  • NoncesKeyed: Add a variant of Nonces that implements the ERC-4337 entrypoint nonce system. (#5272)
  • Packing: Add variants for packing bytes10 and bytes22 (#5274)
  • Strings: Add parseUint, parseInt, parseHexUint and parseAddress to parse strings into numbers and addresses. Also provide variants of these functions that parse substrings, and tryXxx variants that do not revert on invalid input. (#5166)

5.1.0 (2024-10-17)

Breaking changes

  • ERC1967Utils: Removed duplicate declaration of the Upgraded, AdminChanged and BeaconUpgraded events. These events are still available through the IERC1967 interface located under the contracts/interfaces/ directory. Minimum pragma version is now 0.8.21.
  • Governor, GovernorCountingSimple: The _countVote virtual function now returns an uint256 with the total votes cast. This change allows for more flexibility for partial and fractional voting. Upgrading users may get a compilation error that can be fixed by adding a return statement to the _countVote function.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ernestognw, a new releaser for @​openzeppelin/contracts since your current version.


Updates @openzeppelin/contracts-upgradeable from 5.0.2 to 5.2.0

Release notes

Sourced from @​openzeppelin/contracts-upgradeable's releases.

v5.2.0

Breaking Changes

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Errors.FailedCall with a bubbled-up revert reason in Address.sendValue.

Changes by category

General

  • Update some pragma directives to ensure that all file requirements match that of the files they import. (#5273)

Account

  • ERC4337Utils: Add a reusable library to manipulate user operations and interact with ERC-4337 contracts (#5274)
  • ERC7579Utils: Add a reusable library to interact with ERC-7579 modular accounts (#5274)

Governance

  • GovernorCountingOverridable: Add a governor counting module that enables token holders to override the vote of their delegate. (#5192)
  • VotesExtended: Create an extension of Votes which checkpoints balances and delegates. (#5192)

Proxy

  • Clones: Add cloneWithImmutableArgs and cloneDeterministicWithImmutableArgs variants that create clones with per-instance immutable arguments. The immutable arguments can be retrieved using fetchCloneArgs. The corresponding predictDeterministicWithImmutableArgs function is also included. (#5109)

Tokens

  • ERC1363Utils: Add helper similar to the existing ERC721Utils and ERC1155Utils (#5133)

Utils

  • Address: bubble up revert data on sendValue failed call (#5418)
  • Bytes: Add a library of common operations that operate on bytes objects. (#5252)
  • CAIP2 and CAIP10: Add libraries for formatting and parsing CAIP-2 and CAIP-10 identifiers. (#5252)
  • NoncesKeyed: Add a variant of Nonces that implements the ERC-4337 entrypoint nonce system. (#5272)
  • Packing: Add variants for packing bytes10 and bytes22 (#5274)
  • Strings: Add parseUint, parseInt, parseHexUint and parseAddress to parse strings into numbers and addresses. Also provide variants of these functions that parse substrings, and tryXxx variants that do not revert on invalid input. (#5166)

v5.2.0-rc.1

  • ERC7579Utils: Add ABI decoding checks on calldata bounds within decodeBatch (#5367)

v5.2.0-rc.0

Changes by category

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts-upgradeable's changelog.

5.2.0 (2025-01-08)

Breaking Changes

Custom error changes

This version comes with changes to the custom error identifiers. Contracts previously depending on the following errors should be replaced accordingly:

  • Replace Errors.FailedCall with a bubbled-up revert reason in Address.sendValue.

Changes by category

General

  • Update some pragma directives to ensure that all file requirements match that of the files they import. (#5273)

Account

  • ERC4337Utils: Add a reusable library to manipulate user operations and interact with ERC-4337 contracts (#5274)
  • ERC7579Utils: Add a reusable library to interact with ERC-7579 modular accounts (#5274)

Governance

  • GovernorCountingOverridable: Add a governor counting module that enables token holders to override the vote of their delegate. (#5192)
  • VotesExtended: Create an extension of Votes which checkpoints balances and delegates. (#5192)

Proxy

  • Clones: Add cloneWithImmutableArgs and cloneDeterministicWithImmutableArgs variants that create clones with per-instance immutable arguments. The immutable arguments can be retrieved using fetchCloneArgs. The corresponding predictDeterministicWithImmutableArgs function is also included. (#5109)

Tokens

  • ERC1363Utils: Add helper similar to the existing ERC721Utils and ERC1155Utils (#5133)

Utils

  • Address: bubble up revert data on sendValue failed call (#5418)
  • Bytes: Add a library of common operations that operate on bytes objects. (#5252)
  • CAIP2 and CAIP10: Add libraries for formatting and parsing CAIP-2 and CAIP-10 identifiers. (#5252)
  • NoncesKeyed: Add a variant of Nonces that implements the ERC-4337 entrypoint nonce system. (#5272)
  • Packing: Add variants for packing bytes10 and bytes22 (#5274)
  • Strings: Add parseUint, parseInt, parseHexUint and parseAddress to parse strings into numbers and addresses. Also provide variants of these functions that parse substrings, and tryXxx variants that do not revert on invalid input. (#5166)

5.1.0 (2024-10-17)

Breaking changes

  • ERC1967Utils: Removed duplicate declaration of the Upgraded, AdminChanged and BeaconUpgraded events. These events are still available through the IERC1967 interface located under the contracts/interfaces/ directory. Minimum pragma version is now 0.8.21.
  • Governor, GovernorCountingSimple: The _countVote virtual function now returns an uint256 with the total votes cast. This change allows for more flexibility for partial and fractional voting. Upgrading users may get a compilation error that can be fixed by adding a return statement to the _countVote function.

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels Apr 7, 2025

github-actions Bot commented Apr 7, 2025


Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| npm/@openzeppelin/contracts | ^5.3.0 | 🟢 5.6 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 10 | security policy file detected |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | ⚠️ 0 | 14 existing vulnerabilities detected |

| Package | Version | Score |
| --- | --- | --- |
| npm/@openzeppelin/contracts-upgradeable | ^5.3.0 | 🟢 4.6 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| SAST | ⚠️ 0 | no SAST tool detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| License | 🟢 10 | license file detected |
| Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches |
| Signed-Releases | ⚠️ -1 | no releases found |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | ⚠️ 0 | 14 existing vulnerabilities detected |

| Package | Version | Score |
| --- | --- | --- |
| npm/@openzeppelin/contracts | 5.3.0 | 🟢 5.6 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 10 | security policy file detected |
| License | 🟢 10 | license file detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | ⚠️ 0 | 14 existing vulnerabilities detected |

| Package | Version | Score |
| --- | --- | --- |
| npm/@openzeppelin/contracts-upgradeable | 5.3.0 | 🟢 4.6 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| SAST | ⚠️ 0 | no SAST tool detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| License | 🟢 10 | license file detected |
| Branch-Protection | 🟢 6 | branch protection is not maximal on development and all release branches |
| Signed-Releases | ⚠️ -1 | no releases found |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Vulnerabilities | ⚠️ 0 | 14 existing vulnerabilities detected |

Scanned Files

  • package.json
  • yarn.lock

dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-40876c3f15 branch 2 times, most recently from aa2cc61 to b0e8565, April 30, 2025 11:34
@TravellerOnTheRun

Collaborator

@dependabot rebase

…acts-upgradeable

Bumps [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) and [@openzeppelin/contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable). These dependencies needed to be updated together.

Updates `@openzeppelin/contracts` from 5.0.2 to 5.2.0
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v5.0.2...v5.2.0)

Updates `@openzeppelin/contracts-upgradeable` from 5.0.2 to 5.2.0
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts-upgradeable@v5.0.2...v5.2.0)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
- dependency-name: "@openzeppelin/contracts-upgradeable"
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-40876c3f15 branch from b0e8565 to 6baa4c1, April 30, 2025 11:41