Prepare Release

[github-actions]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.

Releases

@openzeppelin/[email protected]

Changelog

2.0.1 (2025-08-20)

• Fix missing use clause in hooks for ERC20 votes (#637)

2.0.0 (2025-06-20)

• Add AccessControlWithDelay. (#506)

• Add security contact in contract info. (#558)

• Add support for Wizard MCP server. (#569)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v2.0.0. (#574)
  • Use OpenZeppelin Contracts for Cairo v2.0.0-alpha.1. (#533)
  • Use OpenZeppelin Contracts for Cairo v2.0.0-alpha.0. (#491)

1.1.0 (2025-04-01)

• Add Multisig tab. (#433)

1.0.0 (2025-02-25)

• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v1.0.0. (#458)

0.21.1 (2025-01-23)

• Update to use TypeScript v5. (#231)
• Remove unused dependencies. (#430)

0.21.0 (2025-01-13)

• Add Vesting tab. (#425)

• Breaking changes:

  • Remove isAccessControlRequired from governor and vesting. (#426)
  • Update Contracts Wizard license to AGPLv3. (#424)

0.20.1 (2024-12-17)

• Add OutsideExecution to accounts. (#422)

0.20.0 (2024-12-10)

• Add Governor tab. (#417)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v0.20.0. (#419)

0.19.0 (2024-11-27)

• Add ERC2981 (RoyaltyInfo) for ERC721 and ERC1155. (#413)

0.18.0 (2024-11-15)

• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v0.19.0. (#405)

0.17.0 (2024-10-22)

• Add ERC721 votes. (#399)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v0.18.0. (#399)
  • Use VotesComponent for ERC20 votes.

0.16.0 (2024-09-26)

• Add ERC721Enumerable. (#391)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v0.17.0. (#396)

0.15.0 (2024-09-19)

• Add Account and EthAccount. (#387)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v0.15.0. (#378)
  • Use OpenZeppelin Contracts for Cairo v0.16.0. (#384)

0.14.0 (2024-06-20)

• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v0.14.0. (#369)
  • Fix compile error with ERC1155 Burnable.

0.13.0 (2024-05-22)

• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v0.13.0. (#359)
  • Use Hooks with ERC721 and ERC1155.
  • Use Hooks for Pausable.

0.12.0 (2024-05-01)

• Add votes option to ERC20. (#355)
• Require appName and appVersion when votes is enabled.
• Sort implemented traits.
• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v0.12.0.
  • Use Hooks with ERC20.

0.11.0 (2024-04-17)

• Breaking changes:
  • Set upgradeable to true by default. (#334)

0.10.2 (2024-04-03)

• Use OpenZeppelin Contracts for Cairo v0.11.0. (#351)
• Add ERC1155.
• Remove redundant not paused assertions for camel case functions.
• Fix use of ERC20 mixin.
• Sort imports alphabetically.

0.10.1 (2024-03-27)

• Use mixins. (#348)

0.10.0 (2024-03-12)

• Breaking changes:
  • Use OpenZeppelin Contracts for Cairo v0.10.0. (#344)
  • ERC721: Remove token URI parameter from safe mint functions.
  • ERC721: Add optional base URI parameter. If not set, this defaults to empty string.
  • Use string literals for ByteArray initialization instead of short strings.

0.9.2 (2024-02-26)

• Remove code comment for Cairo lang version. (#337)

0.9.1 (2024-02-22)

• Add code comments for compatible OpenZeppelin Contracts for Cairo and Cairo lang versions. (#331)

0.9.0 (2024-02-12)

• Breaking changes:
  • Remove non-standard safeAllowance option from ERC20. (#324)
  • Use abi(embed_v0) attribute instead of external for impls derived from interfaces.
  • Use abi(per_item) attribute instead of external for impls with generated traits.

0.8.0 (2023-12-11)

• Breaking changes:
  • Use Cairo 1+ and OpenZeppelin Contracts for Cairo v0.8.0.
  • Remove functions for getInitialSupply and toUint256.
  • Remove ERC1155.
  • Role-Based Access Control adds separate constructor arguments to assign different users for different roles.
  • Throws error if name results in an identifer that is empty or does not have valid characters.
  • Throws error if name or symbol result in strings longer than 31 characters.

0.6.0 (2023-01-11)

• Add ERC1155. (#167)
• Update formatting. (#217)
• Breaking change: Renamed isApprovedForAll return variable name (isApproved -> approved) in ERC721. (#167)

0.5.0 (2022-09-22)

• Add owner view for Ownable. (#165)
• Implement Cairo 0.10 syntax changes. (#173)

0.4.0 (2022-08-04)

• Update directory structure for libraries. (#157)

0.3.1 (2022-07-12)

• Add Role-Based Access Control. (#147)

0.3.0 (2022-07-01)

• Support Contracts for Cairo v0.2.0. (#135)
• Support custom contract type, optional access control. (#140)

0.2.0 (2022-06-15)

• Update API format for Cairo. (#136)
• Add functions for getInitialSupply and toUint256. (#138)

0.1.0 (2022-05-13)

• Initial API for Cairo. (#127)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​openzeppelin/​hardhat-upgrades@​3.9.1
	@​openzeppelin/​contracts-upgradeable@​5.4.0

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		[email protected] is a AI-detected potential code anomaly. Notes: The analyzed code appears to implement a standard in-memory cache batch operation flow (put/delete) with careful handling of response bodies by buffering and storing bytes for caching. No signs of malware, data exfiltration, backdoors, or obfuscated behavior were found. The primary security considerations relate to memory usage from buffering potentially large response bodies and ensuring robust validation within batch operations to prevent cache state corruption. Overall risk is moderate, driven by in-memory data handling rather than external communication. Confidence: 1.00 Severity: 0.60 From: packages/core/solidity/src/environments/hardhat/upgradeable/package-lock.json → npm/@openzeppelin/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Ignoring alerts on:

• [email protected]

View full report

[ericglau]

@SocketSecurity ignore npm/[email protected]
Will be addressed in #633