feat: added comprehensive Celo Sepolia testnet support #363

Open
Kanasjnr wants to merge 1 commit into celo-org:main from Kanasjnr:feat/add-celo-sepolia

@Kanasjnr

This commit implements full Celo Sepolia testnet integration into Celo Composer, enabling developers to deploy contracts and build dApps on the new long-term developer testnet before Alfajores deprecation on September 30, 2025.

Backend Changes (Hardhat):

  • Added Celo Sepolia network configuration with chain ID 11142220
  • Configured RPC endpoint: https://forno.celo-sepolia.celo-testnet.org
  • Added block explorer: https://celo-sepolia.blockscout.com
  • Integrated etherscan verification support for Celo Sepolia
  • Added @types/node dependency to resolve TypeScript compilation issues
  • Updated hardhat.config.ts with complete network and verification setup

Frontend Changes (React):

  • Added Celo Sepolia chain definition to AppProvider.tsx
  • Integrated Celo Sepolia into wagmi configuration
  • Added HTTP transport configuration for Celo Sepolia network
  • Ensured Celo Sepolia appears in wallet connection options

Documentation Updates:

  • Updated main README.md with network migration notice
  • Added Celo Sepolia faucet links and deployment instructions
  • Updated packages/hardhat/README.md with comprehensive deployment guide
  • Added contract verification instructions for Celo Sepolia
  • Created test-celo-sepolia.md with step-by-step testing examples
  • Included troubleshooting guide and verification checklist

Testing & Verification:

  • Successfully deployed Lock.sol contract to Celo Sepolia
  • Verified network connectivity and contract deployment
  • Tested React app integration and wallet connection
  • Confirmed all builds complete successfully
  • Validated end-to-end functionality

Migration Support:

  • Provided clear migration path from Alfajores to Celo Sepolia
  • Added deprecation notices for Alfajores (Sept 2025)
  • Included faucet links for test token acquisition
  • Documented key differences between testnets

Technical Details:

  • Chain ID: 11142220
  • Network Name: Celo Sepolia
  • RPC URL: https://forno.celo-sepolia.celo-testnet.org
  • Block Explorer: https://celo-sepolia.blockscout.com
  • Native Currency: CELO (18 decimals)

This implementation ensures Celo Composer users can seamlessly transition to Celo Sepolia and continue development on the new long-term testnet.

Closes #362

@netlify

netlify Bot commented Aug 14, 2025

👷 Deploy request for celo-composer pending review.

Visit the deploys page to approve it

🔨 Latest commit: cbeca65

@socket-security

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert
Block Medium
secp256k1@4.0.4 has Native code.

Location: Package overview

From: ? → npm/@nomicfoundation/hardhat-network-helpers@1.1.0 → npm/secp256k1@4.0.4

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/secp256k1@4.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
unrs-resolver@1.7.9 has Install scripts.

Install script: postinstall

Source: napi-postinstall unrs-resolver 1.7.9 check

From: pnpm-lock.yaml → npm/eslint-config-oclif-typescript@3.1.14 → npm/unrs-resolver@1.7.9

Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/unrs-resolver@1.7.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
yarn@1.22.22 has Install scripts.

Install script: preinstall

Source: :; (node ./preinstall.js > /dev/null 2>&1 || true)

From: pnpm-lock.yaml → npm/@oclif/plugin-plugins@5.4.38 → npm/yarn@1.22.22

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/yarn@1.22.22. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
execa@9.6.0 is an AI-detected potential code anomaly.

Notes: The module implements a standard, defensive normalization pattern for child process spawning. There is no evidence of malicious behavior, data exfiltration, or covert network activity within this fragment. The primary security considerations relate to environment manipulation and private API usage, which are acceptable with proper validation and maintenance. Overall risk remains low to moderate depending on caller trust and validators' robustness.

Confidence: 1.00

Severity: 0.60

From: package.json → npm/execa@9.6.0

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/execa@9.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
npm@10.9.2 is an AI-detected potential code anomaly.

Notes: The code sets up signal listeners to handle termination signals in a Node.js process and execute a provided callback. While it does not contain overtly malicious behavior, there are some suspicious elements and potential risks. The use of empty try/catch blocks to ignore errors could hide issues. Killing the process with the received signal and setting an empty timeout afterwards is unusual and raises questions about the code's intent. Increasing the max listeners count could also be used to circumvent listener limits. However, without more context about the intended use case, it's difficult to conclude definitively that this code is malicious. The suspicious behaviors warrant caution and further review to determine if they could be exploited for malicious purposes.

Confidence: 1.00

Severity: 0.60

From: pnpm-lock.yaml → npm/@oclif/plugin-plugins@5.4.38 → npm/npm@10.9.2

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@10.9.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
undici@5.29.0 is an AI-detected potential code anomaly.

Notes: The code appears to be a WebAssembly (WASM) module implementing HTTP parsing functionality. The code contains suspicious elements such as ability to handle HTTP headers, message bodies, and chunk extensions. While it may be legitimate parser code, the obfuscated nature and presence of low-level binary operations warrants careful review due to potential for misuse in HTTP request/response manipulation or header injection attacks.

Confidence: 1.00

Severity: 0.60

From: ? → npm/@nomicfoundation/hardhat-verify@2.1.1 → npm/hardhat@2.26.3 → npm/undici@5.29.0

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/undici@5.29.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

@Kanasjnr
Author

@GigaHierz

@viral-sangani
Contributor

Hey @Kanasjnr can't merge the request right now as we are waiting for #360 to be merged which will change the whole architecture of the app.
cc @GigaHierz

Development

Successfully merging this pull request may close these issues.

[Feature]: Add Support for Celo Sepolia Testnet in Celo Composer
