Skip to content

chore(deps): update hardhat packages (major)#203

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages
Open

chore(deps): update hardhat packages (major)#203
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Nov 4, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change OpenSSF
@nomicfoundation/hardhat-ethers (source) devDependencies major 3.1.24.0.9 OpenSSF Scorecard
@nomicfoundation/hardhat-foundry (source) dependencies major 1.2.03.0.2 OpenSSF Scorecard
@nomicfoundation/hardhat-ignition-viem (source) dependencies major 0.15.163.1.4 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox (source) devDependencies major 6.1.07.0.0 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox-viem (source) dependencies major 4.1.15.0.4 OpenSSF Scorecard
@nomiclabs/hardhat-solhint (source) dependencies major 4.1.05.0.0 OpenSSF Scorecard
hardhat (source) dependencies major 2.27.13.4.2 OpenSSF Scorecard

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ethers)

v4.0.9

Compare Source

Patch Changes

v4.0.8

Compare Source

Patch Changes

v4.0.7

Compare Source

Patch Changes

v4.0.6

Compare Source

Patch Changes
  • bc193be: Use concrete value types for contract names in hardhat-viem and hardhat-ethers

v4.0.5

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v4.0.4

Compare Source

Patch Changes
  • 5abcee6: Use Osaka as the default EVM target for solc 0.8.31+ and increase the gas limit per EIP-7935. Thanks @​Amxx! (#​7813)

v4.0.3

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v4.0.2

Compare Source

Patch Changes
  • 138d673: Added network.createServer(...) to spawn a Hardhat node programmatically (#​6472)

v4.0.1

Compare Source

Patch Changes

v4.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v3.1.3

Compare Source

This release updates the default gas limit to take into account the Osaka transaction limit.

Changes
  • c69b99d: Update default gas limit to take into account osaka transaction limit (#​7751)

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomicfoundation/hardhat-foundry)

v3.0.2

Compare Source

Patch Changes

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 4cd63e9: Introduce the @nomicfoundation/hardhat-foundry plugin for Hardhat 3

v1.2.1

Compare Source

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ignition-viem)

v3.1.4

Compare Source

Patch Changes

v3.1.3

Compare Source

Patch Changes

v3.1.2

Compare Source

Patch Changes

v3.1.1

Compare Source

Patch Changes

v3.1.0

Compare Source

Minor Changes
Patch Changes

v3.0.9

Compare Source

Patch Changes

v3.0.8

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v3.0.7

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v3.0.6

Compare Source

Patch Changes
  • dac916b: Expose ignition retry loop variables in user config (Hardhat v3) (#​7303)

v3.0.5

Compare Source

Patch Changes
  • d1c1803: Make @nomicfoundation/hardhat-ignition's UI work well with other plugins, like Ledger's.

v3.0.4

Compare Source

Patch Changes
  • 843c1ae: Fixed a bug preventing Ignition from using the hre.config.ignition settings when deploying via script (#​7641)
  • 558ac5b: Update installation and config instructions

v3.0.3

Compare Source

Patch Changes

v3.0.2

Compare Source

Patch Changes
  • ddefbff: Added guard to stop multiple simultaneous calls to ignition.deploy(...) at once (#​6440)

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!
NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox)

v7.0.0

Compare Source

v6.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

v6.1.1

Compare Source

This release is a small bug fix to re-enable the REPORT_GAS envvar when used with the Hardhat toolboxes.

Changes
  • dc7ff8c: Fix REPORT_GAS envvar in toolboxes (#​7367)
  • 9d10226: Links in the code and READMEs updated to point to the Hardhat 2 documentation and resources

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox-viem)

v5.0.4

Compare Source

Patch Changes

  • #​8104 e27a7ad Thanks @​ChristopherDedominici! - Use code 3 for JSON-RPC revert error codes to align with standard node behavior and preserve error causes in viem/ethers.

  • #​8096 7fb721b Thanks @​alcuadrado! - [chore] Move to packages/ folder.

  • #​8116 88787e1 Thanks @​kanej! - Deprecate the hre.network.connect() method in favour of hre.network.create(), exactly the same method but more clearly indicating that it will create a new connection.

  • Updated dependencies:

    • hardhat@​3.4.0

v5.0.3

Compare Source

Patch Changes

v5.0.2

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v5.0.1

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v5.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v4.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomiclabs/hardhat-solhint)

v5.0.0

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

NomicFoundation/hardhat (hardhat)

v3.4.2

Compare Source

Patch Changes

v3.4.1

Compare Source

Patch Changes

v3.4.0

Compare Source

Minor Changes
Patch Changes

v3.3.0

Compare Source

Minor Changes
Patch Changes

v3.2.0

Compare Source

Minor Changes
Patch Changes

v3.1.12

Compare Source

Patch Changes
  • 01b41ee: Added support for function gas snapshots and snapshot cheatcodes in Solidity tests with --snapshot and --snapshot-check flags (#​7769)
  • e37f96c: Add TestRunResult type that wraps TestSummary, allowing plugins to extend test results with additional data
  • bda5a0a: Bumped EDR version to 0.12.0-next.28

v3.1.11

Compare Source

Patch Changes

  • 2cbf218: Bumped EDR version to 0.12.0-next.27

    BREAKING CHANGE: Memory capture used to be enabled by default on geth, but has since been flipped ethereum/go-ethereum#23558 and is now disabled by default. We have followed suit and disabled it by default as well. If you were relying on memory capture, you will need to explicitly enable it by setting the enableMemory option to true in your tracer configuration.

  • bc193be: Use concrete value types for contract names in hardhat-viem and hardhat-ethers

  • 2cbf218: Make SolidityBuildSystem easier to work with (#​7988)

  • 19b691d: Fix typo in assertion message #​8028

  • 2cbf218: Expose Result type for task action success/failure signaling.

  • [2cbf218

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Nov 4, 2025
sentry[bot]
sentry Bot reviewed Nov 4, 2025
View reviewed changes
Comment thread package.json Outdated
"@nomicfoundation/hardhat-foundry": "1.2.0",
"@nomicfoundation/hardhat-ignition-viem": "0.15.14",
"@nomicfoundation/hardhat-toolbox-viem": "4.1.1",
"@nomicfoundation/hardhat-ignition-viem": "3.0.4",
Copy link
Copy Markdown

@sentry sentry Bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Missing peer dependency @nomicfoundation/hardhat-ignition for @nomicfoundation/hardhat-ignition-viem@3.0.4 will cause runtime failures.
Severity: CRITICAL | Confidence: 0.95

🔍 Detailed Analysis

The update of @nomicfoundation/hardhat-ignition-viem to 3.0.4 introduces a peer dependency on @nomicfoundation/hardhat-ignition: ^3.0.2 which is not declared in package.json. This will cause a runtime failure when ignition.deploy() is called in tests or deployment scripts, as the core hardhat-ignition package will be missing. Additionally, the significant version jump from 0.15.x to 3.0.x for hardhat-ignition implies potential API breaking changes that could further disrupt existing ignition modules and scripts.

💡 Suggested Fix

Add @nomicfoundation/hardhat-ignition: ^3.0.2 to package.json dependencies. Review ignition modules and deployment scripts for compatibility with hardhat-ignition v3.0.x API changes.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L43

Potential issue: The update of `@nomicfoundation/hardhat-ignition-viem` to `3.0.4`
introduces a peer dependency on `@nomicfoundation/hardhat-ignition: ^3.0.2` which is not
declared in `package.json`. This will cause a runtime failure when `ignition.deploy()`
is called in tests or deployment scripts, as the core `hardhat-ignition` package will be
missing. Additionally, the significant version jump from 0.15.x to 3.0.x for
`hardhat-ignition` implies potential API breaking changes that could further disrupt
existing `ignition` modules and scripts.

Did we get this right? 👍 / 👎 to inform future reviews.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 5 times, most recently from 42e4f98 to 4022c2a Compare November 11, 2025 14:58
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from d933376 to d6ca918 Compare November 16, 2025 03:26
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 4 times, most recently from 37ef806 to d5e9260 Compare December 4, 2025 04:46
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from d5e9260 to d2e3939 Compare December 11, 2025 03:28
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from d2674a4 to 066f00b Compare December 30, 2025 15:57
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from d219074 to 541671b Compare January 14, 2026 19:33
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 541671b to 8d3d57f Compare January 19, 2026 22:54
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from c0138f2 to f6023bc Compare February 5, 2026 19:49
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from f6023bc to ce68ad7 Compare February 12, 2026 13:06
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from b65f89c to d2c23e5 Compare February 26, 2026 19:18
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 0e195f7 to f292513 Compare March 11, 2026 15:40
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from f9c80b4 to d69795e Compare March 19, 2026 22:11
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from a824935 to 74214e0 Compare March 31, 2026 15:40
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 31, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​nomiclabs/​hardhat-solhint@​4.1.0 ⏵ 5.0.09310069 -1388 +6100
Updated@​nomicfoundation/​hardhat-toolbox@​6.1.0 ⏵ 7.0.0100 +310069 -788 +4100
Updated@​nomicfoundation/​hardhat-foundry@​1.2.0 ⏵ 3.0.288 +110079 +591 +10100
Updatedhardhat@​2.27.1 ⏵ 3.4.199 +610082 -996 -1100 +20
Updated@​nomicfoundation/​hardhat-ignition-viem@​0.15.16 ⏵ 3.1.388 +210083 -296 +2100
Updated@​nomicfoundation/​hardhat-toolbox-viem@​4.1.1 ⏵ 5.0.483 -610089 +1494 +1100
Updated@​nomicfoundation/​hardhat-ethers@​3.1.2 ⏵ 4.0.9100 +1100100 +196 +5100

View full report

@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 74214e0 to 0453ee2 Compare April 16, 2026 21:14
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 16, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
High CVE: lodash vulnerable to Code Injection via _.template imports key names in npm `lodash-es`

CVE: GHSA-r5fr-rjxr-66jc lodash vulnerable to Code Injection via _.template imports key names (HIGH)

Affected versions: >= 4.0.0 < 4.18.0

Patched version: 4.18.0

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.4npm/@nomicfoundation/hardhat-ignition-viem@3.1.3npm/lodash-es@4.17.21

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lodash-es@4.17.21. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from c08c912 to 6eeabe7 Compare April 27, 2026 16:49
@renovate
chore(deps): update hardhat packages
5100c13 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 6eeabe7 to 5100c13 Compare April 27, 2026 20:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants