Bump the npm_and_yarn group across 2 directories with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
@openzeppelin/contracts	4.9.2	4.9.6
@openzeppelin/contracts-upgradeable	5.0.1	5.0.2
vite	4.5.2	4.5.3
braces	3.0.2	3.0.3
follow-redirects	1.15.5	1.15.6
tar	6.2.0	6.2.1
zod	3.22.2	3.23.8

Bumps the npm_and_yarn group with 1 update in the /packages/1155-contracts directory: @openzeppelin/contracts.

Updates @openzeppelin/contracts from 4.9.2 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• bd325d5 Release v4.9.5 (#4790)
• ad6a5b6 Add changeset
• 88ac712 Replace double functionDelegateCall
• a83918d Bump node CI version to 16.x
• 0d5f54e Release v4.9.4 (#4784)
• ccfffe1 Make Multicall context-aware
• 9329cfa Remove Wizard page from 4.x
• e1b3d8c Remove Wizard from 4.x navigation
• Additional commits viewable in compare view

Updates @openzeppelin/contracts-upgradeable from 5.0.1 to 5.0.2

Release notes

Sourced from @​openzeppelin/contracts-upgradeable's releases.

v5.0.2

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4926)

Changelog

Sourced from @​openzeppelin/contracts-upgradeable's changelog.

5.0.2 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4926)

Commits

• 723f8ca Transpile dbb6104ce
• 1ff54db Transpile 26b4b6099
• f542046 Transpile d4ec2782b
• 183376d Transpile f7bb9881
• c104a41 Transpile e53f81b7
• See full diff in compare view

Updates vite from 4.5.2 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

Commits

• aac695e release: v4.5.3
• 96a7f3a fix: fs.deny with globs with directories (#16250)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.5 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• See full diff in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates zod from 3.22.2 to 3.23.8

Release notes

Sourced from zod's releases.

v3.23.8

Commits:

• 0f4d403558ae0490c711e4c2bfcf6c200bd14e11 Add Bronze logos (#3470)
• 19687315b5b24bbd1ff6c346bfc2975700221748 Tweak tiers (#3471)
• eda7df314399929f7ed737423868a5a0780cd944 Change RefinementCtx to interface
• ca42965df46b2f7e2747db29c40a26bcb32a51d5 v3.23.8

v3.23.7

Commits:

• 29d2ea2a15f0b1ac4b89138041f786a3dafc490b Add copper
• d969423266fccee56ef769da6744cc8bacb04550 Fix #3437: extendShape erases JSDoc property documentation (#3463)
• 2239ff3ccc9af4d28bee27bd6fb2a5632844480b Add social crow
• f985b5b922cb357dbf4b25bb43814d19f838e046 3.23.7

v3.23.6

Commits:

• bc0095aab9e7254deb18701adc63de128ca2c742 Test on latest node
• 6e5699a30373cc22879f2bcb6902fc138518c980 Lint on latest node
• 1f466d9d00f446d7bed1962990e7a1ce813ab0d4 describe how one can protect from cyclical objects starting an infini… (#3447)
• 3fed6f21e0ea7adc91aa0cc44f75bcf4e526d98e Add zod playground link (#3454)
• 04e1f379f6989d23dd45660fcabc78f76d7834f8 Fixed freezing async ZodReadonly results (#3457)
• b87e59d0e4bbb4403bf27243afdcda9fcdeec258 Update sponsor tiers (#3453)
• 143886151bba3930bdcc10d34a1cff4bf9103ba8 Add copper tier (#3460)
• ce3711e1384952d255769b9495f9bfadfb327291 add VSCode dev container support and documenation
• 93b480b12ec3466cbd3b4182f7ce292e5c61528c v3.23.6

v3.23.5

Commits:

• 110b8211f991b3e060ab2da4fec7b63d600439ad Update README_ZH.md (#3433)
• c1910bdfc98709b8f14231e2cefc5a3be401e3ee Made ZodEnum take readonly string array (#3444)
• 541a862e978f96eb391849a6bf16be84231aa1b3 3.23.5

v3.23.4

Commits:

• 157b18d742c86d85b26a8421af46ad6d6d6b6ea7 Add 3.23 announcement
• aedf93f1435a29463d915c3be45b4dcbeefa8cc1 Revert change to default Input
• 45107f7a7230fe48ee24dc37e621422c9dc64ec4 v3.23.4

v3.23.3

Commits:

• 103d2436f85872ca0e0e6247652989cc93d46a39 3.23.3

v3.23.2

Commits:

... (truncated)

Commits

• ca42965 v3.23.8
• eda7df3 Change RefinementCtx to interface
• 1968731 Tweak tiers (#3471)
• 0f4d403 Add Bronze logos (#3470)
• f985b5b 3.23.7
• 2239ff3 Add social crow
• d969423 Fix #3437: extendShape erases JSDoc property documentation (#3463)
• 29d2ea2 Add copper
• 93b480b v3.23.6
• ce3711e add VSCode dev container support and documenation
• Additional commits viewable in compare view

Updates @openzeppelin/contracts from 4.9.2 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• bd325d5 Release v4.9.5 (#4790)
• ad6a5b6 Add changeset
• 88ac712 Replace double functionDelegateCall
• a83918d Bump node CI version to 16.x
• 0d5f54e Release v4.9.4 (#4784)
• ccfffe1 Make Multicall context-aware
• 9329cfa Remove Wizard page from 4.x
• e1b3d8c Remove Wizard from 4.x navigation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@openzeppelin/contracts	4.9.6	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@openzeppelin/contracts-upgradeable	^5.0.2	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@openzeppelin/contracts	^4.9.6	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@openzeppelin/contracts-upgradeable	^5.0.2	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/vite	^4.5.3	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/@openzeppelin/contracts	^4.9.6	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@openzeppelin/contracts	4.9.6	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/@openzeppelin/contracts-upgradeable	5.0.2	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/tar	6.2.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/24 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/vite	4.5.3	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 20/28 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/zod	3.23.8	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected

Scanned Manifest Files

packages/1155-contracts/package.json

• @openzeppelin/[email protected]
• @openzeppelin/[email protected]

packages/frames/package.json

• @openzeppelin/contracts-upgradeable@^5.0.2
• @openzeppelin/contracts-upgradeable@^5.0.1

packages/mints/package.json

• @openzeppelin/contracts@^4.9.6
• @openzeppelin/contracts-upgradeable@^5.0.2
• @openzeppelin/contracts@^5.0.1
• @openzeppelin/contracts-upgradeable@^5.0.1

packages/protocol-sdk/package.json

• vite@^4.5.3
• vite@^4.5.0

packages/shared-contracts/package.json

• @openzeppelin/contracts@^4.9.6
• @openzeppelin/contracts@^5.0.1

yarn.lock

• [email protected]
• [email protected]
• @openzeppelin/[email protected]
• [email protected]
• [email protected]
• [email protected]
• @openzeppelin/[email protected]
• @openzeppelin/[email protected]
• [email protected]
• @openzeppelin/[email protected]
• @openzeppelin/[email protected]
• [email protected]
• [email protected]
• [email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• @rollup/[email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]