chore(deps): bump the npm_and_yarn group across 5 directories with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /contracts directory:

Package	From	To
base-x	3.0.9	3.0.11
bn.js	5.2.1	5.2.3
bn.js	4.12.0	4.12.3
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
cipher-base	1.0.4	1.0.7
cookie	0.4.2	removed

Bumps the npm_and_yarn group with 9 updates in the /tests/evm-tools-compatibility/hardhat directory:

Package	From	To
@openzeppelin/contracts	5.3.0	5.4.0
brace-expansion	2.0.1	2.0.2
brace-expansion	1.1.11	1.1.12
diff	4.0.2	4.0.4
diff	5.2.0	5.2.2
js-yaml	4.1.0	4.1.1
js-yaml	3.14.1	3.14.2
pbkdf2	3.1.2	3.1.5
ws	7.4.6	8.17.1
ajv	8.17.1	8.18.0
form-data	4.0.2	4.0.5
form-data	2.5.3	2.5.5
qs	6.14.0	6.15.0

Bumps the npm_and_yarn group with 4 updates in the /tests/evm-tools-compatibility/viem directory: brace-expansion, diff, glob and js-yaml.
Bumps the npm_and_yarn group with 3 updates in the /tests/evm-tools-compatibility/web3.js directory: bn.js, diff and js-yaml.
Bumps the npm_and_yarn group with 9 updates in the /tests/solidity directory:

Package	From	To
base-x	3.0.9	3.0.11
brace-expansion	1.1.11	1.1.12
cipher-base	1.0.4	1.0.7
lodash	4.17.21	4.17.23
pbkdf2	3.1.2	3.1.5
sha.js	2.4.11	2.4.12
undici	5.28.4	5.29.0
ajv	6.12.6	6.14.0
min-document	2.19.0	2.19.2

Updates base-x from 3.0.9 to 3.0.11

Commits

• 043a888 3.0.11
• 2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
• 3d43c0e 3.0.10
• 0a35446 Improve decoding performance
• See full diff in compare view

Updates bn.js from 5.2.1 to 5.2.3

Changelog

Sourced from bn.js's changelog.

5.2.3 / 2026-02-19

• fix: imaskn state (#317)

5.2.2 / 2025-04-25

• fix: imuln/muln with zero (#313)

Commits

• ea6c072 5.2.3
• 33df26b fix imaskn state (#317)
• 6db7c38 5.2.2
• c7e1a53 Fix imuln/muln with zero (#313)
• 4cc0bfa docs: mention the max plain JS number argument value (#307)
• 5df40f8 Document length unit in toBuffer(...) input (#299)
• See full diff in compare view

Updates bn.js from 4.12.0 to 4.12.3

Changelog

Sourced from bn.js's changelog.

5.2.3 / 2026-02-19

• fix: imaskn state (#317)

5.2.2 / 2025-04-25

• fix: imuln/muln with zero (#313)

Commits

• ea6c072 5.2.3
• 33df26b fix imaskn state (#317)
• 6db7c38 5.2.2
• c7e1a53 Fix imuln/muln with zero (#313)
• 4cc0bfa docs: mention the max plain JS number argument value (#307)
• 5df40f8 Document length unit in toBuffer(...) input (#299)
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

• [Refactor] use to-buffer fd1e5ee
• [Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

• [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

• [Tests] standard -> eslint, make test dir, etc ae02fd6
• [Tests] migrate from travis to GHA 66387d7
• [meta] fix package.json indentation 5c02918
• [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
• [meta] add auto-changelog 88dc806
• [meta] add npmignore and safe-publish-latest 7a137d7
• Only apps should have lockfiles 42528f2
• [Deps] update inherits, safe-buffer 0e7a2d9
• [meta] add missing engines.node f2dc13e

Commits

• 0056718 v1.0.7
• fd1e5ee [Refactor] use to-buffer
• 08ba803 [Dev Deps] update @ljharb/eslint-config
• f5249f9 v1.0.6
• b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
• f03cebf v1.0.5
• 88dc806 [meta] add auto-changelog
• 7a137d7 [meta] add npmignore and safe-publish-latest
• 5c02918 [meta] fix package.json indentation
• 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Removes cookie

Updates undici from 5.28.4 to 6.23.0

Release notes

Sourced from undici's releases.

v5.29.0

What's Changed

• Fix tests in v5.x for Node 20 by @​mcollina in nodejs/undici#4104
• Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

Full Changelog: nodejs/undici@v5.28.5...v5.29.0

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

• 9528f68 Bumped v5.29.0
• f1d75a4 increase timeout for redirect test
• 2d31ed6 remove fuzzing tests
• 6b36d49 fix redirect test in Node v16
• 648dd8f more fix for the wpt runner on Windows
• a0516ba don't use internal header state for cookies (#3295)
• 87ce4af fix test/client for node 20
• c2c8fd5 fix: accept v20 SSL specific error for alpn selection in http/2
• 82200bd [v6.x] fix wpts on windows (#4093)
• 47546fa test: fix windows wpt (#4050)
• Additional commits viewable in compare view

Updates @openzeppelin/contracts from 5.3.0 to 5.4.0

Release notes

Sourced from @​openzeppelin/contracts's releases.

v5.4.0

Breaking changes

• Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

• Reduced pragma requirement of interface files

Changes by category

Account

• Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
• AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
• AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
• EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
• IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

• GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

• ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5739)

Cryptography

Signers

• AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
• SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
• SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
• MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
• MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5741)

Verifiers

• ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)

Other

• SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
• ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
• ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

• EnumerableMap: Add support for BytesToBytesMap type. (#5658)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

5.4.0 (2025-07-17)

Breaking changes

• Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

• Reduced pragma requirement of interface files.

Changes by category

Account

• Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
• AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
• AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
• EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
• IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

• GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

• ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5735)

Cryptography

Signers

• AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
• SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
• SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
• MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
• MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5718)

Verifiers

• ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)

Other

• SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
• ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
• ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

... (truncated)

Commits

• c64a1ed Release v5.4.0 (#5801)
• 6f9f523 Exit release candidate
• f19bf29 Fix bug in Bytes.lastIndexOf when array is empty and position is not 2²⁵⁶-1 (...
• fffade5 Add warning about Clones pointing to implementation with no code (#5798)
• 54a8027 Clarify documentation for IAccessManager.canCall (#5795)
• f12605a Add Account framework docs and guides (#5660)
• 83b829e Address 5.4 audit documentation improvements (#5779)
• 2e152ba Cause _addSigners to revert if it triggers a totalWeight overflow (#5790)
• a341850 Minimize pragma for MultiSignerERC7913Weighted.sol (#5778)
• ca1494a Improve naming consystency in EnumerableSet (#5776)
• Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates diff from 5.2.0 to 5.2.2

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates pbkdf2 from 3.1.2 to 3.1.5

Changelog

Sourced from pbkdf2's changelog.

v3.1.5 - 2025-09-23

Commits

• [Fix] only allow finite iterations 67bd94d
• [Fix] restore node 0.10 support 8f59d96
• [Fix] check parameters before the "no Promise" bailout d2dc5f0

v3.1.4 - 2025-09-22

Commits

• [Deps] update create-hash, ripemd160, sha.js, to-buffer 8dbf49b
• [meta] update repo URLs d15bc35
• [Dev Deps] update @ljharb/eslint-config aaf870b

v3.1.3 - 2025-06-20

Commits

• Only apps should have lockfiles 8b06730
• [lint] fix whitespace 9a76e2f
• [lint] fix parens/curlies/semis/etc 6fd84bf
• [meta] add auto-changelog 796c38d
• [Tests] fix tests in node 17 3661fb0
• Revert "[Tests] fix tests in node < 3" 7431b57
• [Tests] fix tests in node < 3 eb9f97a
• [Fix] ensure unknown algorithms throw + known ones match node 26d4fd3
• [Tests] add GHA, always run nyc 513906a
• [lint] fix a few more rules ab04da8
• [lint] switch to eslint 89694cf
• [Tests] add coverage d0d534b
• [Refactor] use to-buffer e3102a8
• [readme] improve badges fca0c9d
• [Tests] remove unused travis file a2c7d93
• [meta] switch from files to npmignore 7f31fbc
• [Tests] use .nycrc 8d628e8
• [Refactor] minor tweaks fc61005
• [Deps] update create-hmac, safe-buffer, sha.js ae2a7d0
• [Fix] pin create-hash, ripemd160 due to breaking changes e079968
• [Tests] fix tests in node 3 45fbcf3
• [meta] skip publishing benchmarks 19ea57b
• [Dev Deps] add missing peer dep 645e252

Commits

• 3687905 v3.1.5
• 67bd94d [Fix] only allow finite iterations
• 8f59d96 [Fix] restore node 0.10 support
• d2dc5f0 [Fix] check parameters before the "no Promise" bailout
• b2ad615 v3.1.4
• 8dbf49b [Deps] update create-hash, ripemd160, sha.js, to-buffer
• aaf870b [Dev Deps] update @ljharb/eslint-config
• d15bc35 [meta] update repo URLs
• 3e40827 v3.1.3
• e3102a8 [Refactor] use to-buffer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.

Updates sha.js from 2.4.11 to 2.4.12

Changelog

Sourced from sha.js's changelog.

v2.4.12 - 2025-07-01

Commits

• [eslint] switch to eslint 7acadfb
• [meta] add auto-changelog b46e711
• [eslint] fix package.json indentation df9d521
• [Tests] migrate from travis to GHA c43c64a
• [Fix] support multi-byte wide typed arrays f2a258e
• [meta] reorder package.json d8d77c0
• [meta] add npmignore 35aec35
• [Tests] avoid console logs 73e33ae
• [Tests] fix tests run in batch 2629130
• [Tests] drop node requirement to 0.10 00c7f23
• [Dev Deps] update buffer, hash-test-vectors, standard, tape, typedarray 92b5de5
• [Tests] drop node requirement to v3 9b5eca8
• [meta] set engines to >= 4 807084c
• Only apps should have lockfiles c72789c
• [Deps] update inherits, safe-buffer 5428cfc
• [Dev Deps] update @ljharb/eslint-config 2dbe0aa
• update README to reflect LICENSE 8938256
• [Dev Deps] add missing peer dep d528896
• [Dev Deps] remove unused buffer dep 94ca724

Commits

• eb4ea2f v2.4.12
• d8d77c0 [meta] reorder package.json
• df9d521 [eslint] fix package.json indentation
• 35aec35 [meta] add npmignore
• d528896 [Dev Deps] add missing peer dep
• b46e711 [meta] add auto-changelog
• 94ca724 [Dev Deps] remove unused buffer dep
• 2dbe0aa [Dev Deps] update @ljharb/eslint-config
• 73e33ae [Tests] avoid console logs
• f2a258e [Fix] support multi-byte wide typed arrays
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.

Updates ws from 7.4.6 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in ajv-validator/ajv#2480
• fix: #2482 Infinity and NaN serialise to null by @​jasoniangreen in ajv-validator/ajv#2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in ajv-validator/ajv#2508
• fix: typos in schema-language.md by @​monteiro-renato in ajv-validator/ajv#2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in ajv-validator/ajv#2586

New Contributors

• @​josdejong made their first contribution in ajv-validator/ajv#2480
• @​monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

• 142ce84 8.18.0
• 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
• 82735a1 fix: typos in schema-language.md (#2507)
• b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
• 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
• f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
• See full diff in compare view

Updates axios from 0.21.4 to 1.8.4

Release notes

Sourced from axios's releases.

Release v1.8.4

Release notes:

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)

Contributors to this release

• Marc Hassan

Release v1.8.3

Release notes:

Bug Fixes

• add missing type for allowAbsoluteUrls (#6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• Description has been truncated

  ---

  [!NOTE]
  Medium Risk
  Major-version tooling upgrades (Hardhat v2→v3 and OpenZeppelin v4→v5) can break contract builds/tests and may require newer Node versions; changes are otherwise limited to dependency metadata/lockfile updates.

  Overview
  Upgrades the contracts package dev tooling from hardhat@2.22.2 to hardhat@3.1.9 and @openzeppelin/contracts@4.9.6 to 5.4.0.

  Regenerates contracts/package-lock.json, replacing the previous Hardhat v2 dependency graph (ethers v5-era packages) with Hardhat v3’s new dependency set (notably @nomicfoundation/edr, esbuild, tsx, updated ws, etc.) and newer Node engine requirements.

  ^{Written by} Cursor Bugbot for commit fdcd2ac. Configure here.

[dependabot]

Superseded by #23.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

Comment @cursor review or bugbot run to trigger another review on this PR

[cursor]

OpenZeppelin v5 removes ERC20PresetMinterPauser used by contracts

High Severity

Upgrading @openzeppelin/contracts from v4 to v5 breaks compilation. OpenZeppelin v5 removed the presets directory entirely — contracts at contracts/solidity/x/erc20/keeper/testdata/ERC20DirectBalanceManipulation.sol and ERC20MaliciousDelayed.sol directly import @openzeppelin/contracts/token/ERC20/presets/ERC20PresetMinterPauser.sol, which no longer exists in v5. Additionally, several contracts override _beforeTokenTransfer, which was replaced by _update in v5. These contracts will fail to compile.

Additional Locations (1)

• contracts/package-lock.json#L811-L816

 

[cursor]

Hardhat 3 major upgrade breaks existing config format

High Severity

Upgrading hardhat from v2 to v3 is a breaking major version change. Hardhat 3 requires ESM config format, a different plugin system, and Node.js ≥ 20. The existing hardhat.config.js (CommonJS-style) will not work with Hardhat 3 without rewriting. No corresponding config file changes are included in this PR.

Additional Locations (1)

• contracts/package-lock.json#L1073-L1104