Bump hardhat from 2.9.3 to 2.13.0

[dependabot]

Bumps hardhat from 2.9.3 to 2.13.0.

Release notes

Sourced from hardhat's releases.

Hardhat v2.13.0 — ES Modules and compiling with viaIR

This new version of Hardhat adds two long-awaited features: ES Modules support, and better support for solc’s IR-based compilation pipeline. Besides that, this version includes several other improvements and bug fixes.

Remember to give this repo a star ⭐ if you are enjoying Hardhat!

ES Modules support

Hardhat was designed with CommonJS in mind, but in the last years adoption of ES Modules (ESM) has been growing. This version includes better support for it. You can now write scripts and tests as ESM, but your Hardhat config —and anything imported from it— still needs to use CommonJS.

ES modules let you use import/export and top-level await. This means that instead of writing a script like this:

// script.js
const helpers = require("@nomicfoundation/hardhat-network-helpers");
async function main() {
const latestBlockNumber = await helpers.time.latestBlock();
console.log("Latest block:", latestBlockNumber);
}
main()
.then(() => process.exit(0))
.catch(error => {
console.error(error);
process.exit(1);
});

you can now write a less verbose ESM script:

// script.mjs <-- notice the extension
import helpers from "@nomicfoundation/hardhat-network-helpers";
const latestBlockNumber = await helpers.time.latestBlock();
console.log("Latest block:", latestBlockNumber);

Check our guide about Using ES modules with Hardhat to learn more.

Huge thanks to @​phated, who started the work on this and helped us along the way.

IR-based compilation pipeline

The solc compiler has a newer, alternative way of generating bytecode through an intermediate representation (IR). Previous versions of Hardhat don’t work well with this compilation mode, especially when the optimizer is fully-enabled.

This release adds better support for the IR compilation pipeline, but you might still get some issues if you use the default settings. We recommend enabling the minimal necessary optimization steps when compiling with IR:

solidity: {
</tr></table> 

... (truncated)

Commits

• 57c56d2 Version Packages
• 6e61bab Merge pull request #3730 from NomicFoundation/fix-etherscan-bug
• 71c2ff1 Fix linter
• 18b08c5 Merge pull request #3731 from NomicFoundation/improve-3662
• f8eb7cf Fix broken tests
• 4b4e21a Remove validation for Hardhat Network as this is handled in a generic
• 7a5bc55 Create .changeset/hip-cameras-behave.md
• 235b12c Improve on #3662 by sending less ETH and locking it for a shorter time
• 6ecb74d Fix hardcoded URL in the etherscan plugin
• e51bb21 Merge pull request #3668 from NomicFoundation/use-vyper-mirror
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Socket Security Pull Request Report

Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
[email protected] (upgraded)	postinstall	package.json via @nomiclabs/[email protected], [email protected]

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Package	Location	Source
[email protected] (added)	binding.gyp	package.json via @nomiclabs/[email protected], @nomiclabs/[email protected], @nomiclabs/[email protected], [email protected], [email protected], [email protected]

Pull request report summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	⚠️ 1 issue
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]
• @SocketSecurity ignore [email protected]

Powered by socket.dev

[dependabot]

Superseded by #222.