chore(deps): bump @openzeppelin/contracts from 4.9.5 to 5.0.2

[dependabot]

Bumps @openzeppelin/contracts from 4.9.5 to 5.0.1.

Release notes

Sourced from @​openzeppelin/contracts's releases.

v5.0.1

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v5.0.0

Additions Summary

The following contracts and libraries were added:

• AccessManager: A consolidated system for managing access control in complex systems.
  • AccessManaged: A module for connecting a contract to an authority in charge of its access control.
  • GovernorTimelockAccess: An adapter for time-locking governance proposals using an AccessManager.
  • AuthorityUtils: A library of utilities for interacting with authority contracts.
• GovernorStorage: A Governor module that stores proposal details in storage.
• ERC2771Forwarder: An ERC2771 forwarder for meta transactions.
• ERC1967Utils: A library with ERC1967 events, errors and getters.
• Nonces: An abstraction for managing account nonces.
• MessageHashUtils: A library for producing digests for ECDSA operations.
• Time: A library with helpers for manipulating time-related objects.

Removals Summary

The following contracts, libraries, and functions were removed:

• Address.isContract (because of its ambiguous nature and potential for misuse)
• Checkpoints.History
• Counters
• ERC20Snapshot
• ERC20VotesComp
• ERC165Storage (in favor of inheritance based approach)
• ERC777
• ERC1820Implementer
• GovernorVotesComp
• GovernorProposalThreshold (deprecated since 4.4)
• PaymentSplitter
• PullPayment
• SafeMath
• SignedSafeMath
• Timers
• TokenTimelock (in favor of VestingWallet)
• All escrow contracts (Escrow, ConditionalEscrow and RefundEscrow)
• All cross-chain contracts, including AccessControlCrossChain and all the vendored bridge interfaces
• All presets in favor of OpenZeppelin Contracts Wizard

These removals were implemented in the following PRs: #3637, #3880, #3945, #4258, #4276, #4289

Changes by category

General

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

5.0.1 (2023-12-07)

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

5.0.0 (2023-10-05)

Additions Summary

The following contracts and libraries were added:

• AccessManager: A consolidated system for managing access control in complex systems.
  • AccessManaged: A module for connecting a contract to an authority in charge of its access control.
  • GovernorTimelockAccess: An adapter for time-locking governance proposals using an AccessManager.
  • AuthorityUtils: A library of utilities for interacting with authority contracts.
• GovernorStorage: A Governor module that stores proposal details in storage.
• ERC2771Forwarder: An ERC2771 forwarder for meta transactions.
• ERC1967Utils: A library with ERC1967 events, errors and getters.
• Nonces: An abstraction for managing account nonces.
• MessageHashUtils: A library for producing digests for ECDSA operations.
• Time: A library with helpers for manipulating time-related objects.

Removals Summary

The following contracts, libraries, and functions were removed:

• Address.isContract (because of its ambiguous nature and potential for misuse)
• Checkpoints.History
• Counters
• ERC20Snapshot
• ERC20VotesComp
• ERC165Storage (in favor of inheritance based approach)
• ERC777
• ERC1820Implementer
• GovernorVotesComp
• GovernorProposalThreshold (deprecated since 4.4)
• PaymentSplitter
• PullPayment
• SafeMath
• SignedSafeMath
• Timers
• TokenTimelock (in favor of VestingWallet)
• All escrow contracts (Escrow, ConditionalEscrow and RefundEscrow)
• All cross-chain contracts, including AccessControlCrossChain and all the vendored bridge interfaces
• All presets in favor of OpenZeppelin Contracts Wizard

These removals were implemented in the following PRs: #3637, #3880, #3945, #4258, #4276, #4289

Changes by category

... (truncated)

Commits

• 01ef448 Release v5.0.1 (#4785)
• 9ce0340 Make Multicall context-aware
• 4eb67a4 Close access-control.adoc code block (#4726) (#4727)
• 83330a6 Add AccessManager guide (#4691) (#4724)
• ab967b8 Update the "utilities" documentation page (#4678)
• a34d986 Add note about SafeMath.sol remaining functions moved to Math.sol (#4676)
• 5161a4d Document ERC1155 event differences (#4666)
• 932fddf Release v5.0.0 (#4662)
• 7399588 Remove v5.0 release candidate note and add audit (#4663)
• 1273541 Exit release candidate
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[netlify]

✅ Deploy Preview for maci-typedoc ready!

Name	Link
🔨 Latest commit	a776160
🔍 Latest deploy log	https://app.netlify.com/sites/maci-typedoc/deploys/65f9cb854d88cb000815d47d
😎 Deploy Preview	https://deploy-preview-981--maci-typedoc.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[ctrlc03]

Bumps @openzeppelin/contracts from 4.9.5 to 5.0.1.

Release notes
Changelog
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

@0xmad reckon there's a way to prevent upgrading to packages with breaking changes? like if CI fails after update to just close itself? or what you think we should do in cases like this?

[0xmad]

@ctrlc03 I just update it manually but in case if there is a version we don't want to support we can just ignore this version with comment and it will be automatically closed and won't bother us again.

[ctrlc03]

@ctrlc03 I just update it manually but in case if there is a version we don't want to support we can just ignore this version with comment and it will be automatically closed and won't bother us again.

Nice, thanks for explaining!

[0xmad]

@ctrlc03 @kittybest @samajammin @yuetloo this PR contains @openzeppelin/contracts update which requires solidity compiler version 0.8.20.

[ctrlc03]

@ctrlc03 @kittybest @samajammin @yuetloo this PR contains @openzeppelin/contracts update which requires solidity compiler version 0.8.20.

@0xmad wondering if it's a good idea to update to 0.8.20 considering some chains still don't support the opcode 'push0' that was introduced with this version? example: https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support

[0xmad]

@ctrlc03 ok, we can leave this PR for now and wait when 0.8.20 is supported.

[yuetloo]

@ctrlc03 @kittybest @samajammin @yuetloo this PR contains @openzeppelin/contracts update which requires solidity compiler version 0.8.20.

@0xmad wondering if it's a good idea to update to 0.8.20 considering some chains still don't support the opcode 'push0' that was introduced with this version? example: https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support

Does it mean that after this PR, we need to explicitly set evmVersion to target paris when we compile the contracts for Abitrum?

[ctrlc03]

@ctrlc03 @kittybest @samajammin @yuetloo this PR contains @openzeppelin/contracts update which requires solidity compiler version 0.8.20.

@0xmad wondering if it's a good idea to update to 0.8.20 considering some chains still don't support the opcode 'push0' that was introduced with this version? example: https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support

Does it mean that after this PR, we need to explicitly set evmVersion to target paris when we compile the contracts for Abitrum?

yup, I would skip this upgrade for now tbh, seems like @0xmad too agrees

[ctrlc03]

Solidity 0.8.20 is not fully supported https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support

[github-advanced-security]

Slither found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[0xmad]

@ctrlc03 seems push0 is now supported

[ctrlc03]

@ctrlc03 seems push0 is now supported

should we merge it then?

[0xmad]

@ctrlc03 seems push0 is now supported

should we merge it then?

I don't mind but these changes will force users to update their own contract to the new solidity version.

[ctrlc03]

@ctrlc03 seems push0 is now supported

should we merge it then?

I don't mind but these changes will force users to update their own contract to the new solidity version.

guess as no one is using this latest dev changes, it might be fine? afaik clr.fund uses the 1.2 release