Bump @openzeppelin/contracts from 2.5.1 to 4.0.0

[dependabot-preview]

Bumps @openzeppelin/contracts from 2.5.1 to 4.0.0.

Release notes

Sourced from @openzeppelin/contracts's releases.

v4.0.0-beta.0

A beta release for Solidity 0.8. Read the announcement in the forum.

v3.4.0

Read the full announcement in the blog or check out the changelog.

Security Fixes

• ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

v3.3.0

Read the full announcement in the forum or check out the changelog.

• Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
• TimelockController: added a contract to augment access control schemes with a delay. (#2354)
• Address: added functionStaticCall, similar to the existing functionCall. (#2333)
• EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

v3.2.1 for Solidity 0.7

This is a special release for Solidity 0.7 that gets rid of a warning in ERC777 using one of the new features of the language. (#2327)

Note: The variant for Solidity 0.7 can be installed using npm install @openzeppelin/contracts@solc-0.7.

v3.2.0

Welcome to a new release of OpenZeppelin Contracts! 👯

The big feature in this release is that we’ve migrated our proxy contracts from OpenZeppelin SDK into the Contracts project. We hope this will make more people aware of upgrades in Ethereum, and we also think the contracts will benefit greatly from the continued scrutiny by all of you in the community. This was also a migration of the proxies from Solidity 0.5 to 0.6, which we know some users have been waiting for.

For Solidity 0.7 users, a reminder that we have support for the newer compiler version published on npm under the tag solc-0.7, the latest release being 3.2.0-solc-0.7. We’re considering officially switching to 0.7 for the release after this one.

There is additionally a small breaking change in ERC20Snapshot that may affect some of its users. If you’re one of them please take a look at the changelog.

v3.1.0

This is the first release since v3.0, our last major release. It includes the long-awaited ERC1155 token and helpers for safe calls and downcasts, as well as a number of minor improvements.

To install this release, run:

npm install --save-dev @openzeppelin/contracts

ERC1155

This is a new token standard developed by the gaming industry, focusing on gas efficiency. It's key difference is that it is a multi-token contract: a single ERC1155 can be used to represent an arbitrary number of tokens, which is very useful in applications that require many tokens by removing the high gas costs associated with deploying them. Check out our new documentation page to learn more!.

More Replacements for call

... (truncated)

Changelog

Sourced from @openzeppelin/contracts's changelog.

4.0.0 (2021-03-23)

• Now targeting the 0.8.x line of Solidity compilers. For 0.6.x (resp 0.7.x) support, use version 3.4.0 (resp 3.4.0-solc-0.7) of OpenZeppelin.
• Context: making _msgData return bytes calldata instead of bytes memory (#2492)
• ERC20: removed the _setDecimals function and the storage slot associated to decimals. (#2502)
• Strings: addition of a toHexString function. (#2504)
• EnumerableMap: change implementation to optimize for key → value lookups instead of enumeration. (#2518)
• GSN: deprecate GSNv1 support in favor of upcoming support for GSNv2. (#2521)
• ERC165: remove uses of storage in the base ERC165 implementation. ERC165 based contracts now use storage-less virtual functions. Old behavior remains available in the ERC165Storage extension. (#2505)
• Initializable: make initializer check stricter during construction. (#2531)
• ERC721: remove enumerability of tokens from the base implementation. This feature is now provided separately through the ERC721Enumerable extension. (#2511)
• AccessControl: removed enumerability by default for a more lightweight contract. It is now opt-in through AccessControlEnumerable. (#2512)
• Meta Transactions: add ERC2771Context and a MinimalForwarder for meta-transactions. (#2508)
• Overall reorganization of the contract folder to improve clarity and discoverability. (#2503)
• ERC20Capped: optimize gas usage by enforcing the check directly in _mint. (#2524)
• Rename UpgradeableProxy to ERC1967Proxy. (#2547)
• ERC777: optimize the gas costs of the constructor. (#2551)
• ERC721URIStorage: add a new extension that implements the _setTokenURI behavior as it was available in 3.4.0. (#2555)
• AccessControl: added ERC165 interface detection. (#2562)
• ERC1155: make uri public so overloading function can call it using super. (#2576)

Bug fixes for beta releases

• AccessControlEnumerable: Fixed renounceRole not updating enumerable set of addresses for a role. (#2572)

How to upgrade from 3.x

Since this version has moved a few contracts to different directories, users upgrading from a previous version will need to adjust their import statements. To make this easier, the package includes a script that will migrate import statements automatically. After upgrading to the latest version of the package, run:

npx openzeppelin-contracts-migrate-imports

Make sure you're using git or another version control system to be able to recover from any potential error in our script.

How to upgrade from 4.0-beta.x

Some further changes have been done between the different beta iterations. Transitions made during this period are configured in the migrate-imports script. Consequently, you can upgrade from any previous 4.0-beta.x version using the same script as described in the How to upgrade from 3.x section.

3.4.0 (2021-02-02)

• BeaconProxy: added new kind of proxy that allows simultaneous atomic upgrades. (#2411)
• EIP712: added helpers to verify EIP712 typed data signatures on chain. (#2418)
• ERC20Permit: added an implementation of the ERC20 permit extension for gasless token approvals. (#2237)
• Presets: added token presets with preminted fixed supply ERC20PresetFixedSupply and ERC777PresetFixedSupply. (#2399)
• Address: added functionDelegateCall, similar to the existing functionCall. (#2333)
• Clones: added a library for deploying EIP 1167 minimal proxies. (#2449)
• Context: moved from contracts/GSN to contracts/utils. (#2453)
• PaymentSplitter: replace usage of .transfer() with Address.sendValue for improved compatibility with smart wallets. (#2455)
• UpgradeableProxy: bubble revert reasons from initialization calls. (#2454)

... (truncated)

Commits

• a673994 4.0.0
• 9b0e27c add missing rewrite rule in scripts/migrate-imports.js
• 90a72f9 Fix ERC721URIStorage in documentation
• 1ee939e 4.0.0-rc.0
• 59f33c1 remove extra changelog entry
• d104ced fix changelog format
• 1fd5469 Update lockfile (#2573)
• 27fc833 Make ERC1155.uri public (#2576)
• 0b3e0d7 Further reorganisation of the repo (#2575)
• d75b4cf Update changelog to list beta bugfix separately
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #1167.