chore: udates

Author: roderik

.github/workflows/solidity.yml

@@ -71,12 +71,12 @@ jobs:
     runs-on: namespace-profile-btp-scs
     steps:
       - name: Setup 1Password
-        uses: 1password/load-secrets-action/configure@v2
+        uses: 1password/load-secrets-action/configure@v3
         with:
           service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
 
       - name: Load secrets
-        uses: 1password/load-secrets-action@v2
+        uses: 1password/load-secrets-action@v3
         env:
           NPM_TOKEN: op://platform/npmjs/credential
           PAT_TOKEN: op://platform/github-commit-pat/credential
@@ -97,9 +97,9 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
-          node-version: 22.21.1
+          node-version: 24.11.0
 
       - name: Install Node dependencies
         run: npm install
@@ -230,7 +230,7 @@ jobs:
             echo "\`\`\`" >> README.md
           fi
 
-      - uses: JS-DevTools/npm-publish@v3
+      - uses: JS-DevTools/npm-publish@v4
         with:
           token: ${{ env.NPM_TOKEN }}
           package: ./package.json
@@ -250,14 +250,14 @@ jobs:
             | ------- | -------------------- |
             | Template Set | `bun add @${{ github.repository_owner }}/${{ github.repository }}@${{ env.VERSION }}` |
 
-      - uses: stefanzweifel/git-auto-commit-action@v6
+      - uses: stefanzweifel/git-auto-commit-action@v7
         if: env.TAG == 'latest' && github.repository != 'settlemint/solidity-predeployed'
         with:
           commit_message: "chore: update package versions [skip ci]"
           branch: main
           file_pattern: "package.json README.md"
 
-      - uses: stefanzweifel/git-auto-commit-action@v6
+      - uses: stefanzweifel/git-auto-commit-action@v7
         if: env.TAG == 'latest' && github.repository == 'settlemint/solidity-predeployed'
         with:
           commit_message: "chore: update package versions [skip ci]"

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:24.10.0 AS build
+FROM node:24.11.0 AS build
 
 RUN --mount=type=cache,sharing=locked,target=/var/cache/apt \
   export DEBIAN_FRONTEND=noninteractive && \

bun.lock

@@ -1 +1 @@
-* @danipopes @klkvr @mattsse @grandizzy @yash-atreya @zerosnacks
+* @danipopes @klkvr @mattsse @grandizzy @yash-atreya @zerosnacks @onbjerg @0xrusowsky

lib/forge-std/.github/CODEOWNERS

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

lib/forge-std/.github/dependabot.yml

@@ -1,5 +1,7 @@
 name: CI
 
+permissions: {}
+
 on:
   workflow_dispatch:
   pull_request:
@@ -12,6 +14,8 @@ jobs:
     name: build +${{ matrix.toolchain }} ${{ matrix.flags }}
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -27,23 +31,37 @@ jobs:
           - --use solc:0.6.2
           - --use solc:0.6.12
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
       - uses: foundry-rs/foundry-toolchain@v1
       - run: forge --version
-      - run: forge build --skip test --deny-warnings ${{ matrix.flags }}
+      - run: |
+          case "${{ matrix.flags }}" in
+            *"solc:0.8.0"* | *"solc:0.7"* | *"solc:0.6"*)
+              forge build --skip test --skip Config --skip StdConfig --skip LibVariable --deny-warnings ${{ matrix.flags }}
+              ;;
+            *)
+              forge build --skip test --deny-warnings ${{ matrix.flags }}
+              ;;
+          esac
       # via-ir compilation time checks.
       - if: contains(matrix.flags, '--via-ir')
         run: forge build --skip test --deny-warnings ${{ matrix.flags }} --contracts 'test/compilation/*'
 
   test:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
         toolchain: [stable, nightly]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
       - uses: foundry-rs/foundry-toolchain@v1
         with:
           version: ${{ matrix.toolchain }}
@@ -53,18 +71,54 @@ jobs:
   fmt:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
       - uses: foundry-rs/foundry-toolchain@v1
       - run: forge --version
       - run: forge fmt --check
 
   typos:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+      - uses: crate-ci/typos@80c8a4945eec0f6d464eaf9e65ed98ef085283d1 # v1
+
+  codeql:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build-mode: none
     steps:
-      - uses: actions/checkout@v4
-      - uses: crate-ci/typos@v1
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: "/language:${{matrix.language}}"
 
   ci-success:
     runs-on: ubuntu-latest
@@ -74,9 +128,10 @@ jobs:
       - test
       - fmt
       - typos
+      - codeql
     timeout-minutes: 10
     steps:
       - name: Decide whether the needed jobs succeeded or failed
-        uses: re-actors/alls-green@release/v1
+        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
         with:
           jobs: ${{ toJSON(needs) }}

lib/forge-std/.github/workflows/ci.yml

@@ -1,5 +1,7 @@
 name: Sync Release Branch
 
+permissions: {}
+
 on:
   release:
     types:
@@ -8,11 +10,14 @@ on:
 jobs:
   sync-release-branch:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     if: startsWith(github.event.release.tag_name, 'v1')
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
+          persist-credentials: true
           fetch-depth: 0
           ref: v1
 

lib/forge-std/.github/workflows/sync.yml

@@ -1,15 +1,22 @@
 [profile.default]
-fs_permissions = [{ access = "read-write", path = "./"}]
+fs_permissions = [{ access = "read-write", path = "./" }]
 optimizer = true
 optimizer_runs = 200
 
+# A list of solidity error codes to ignore.
+# 3860 = init-code-size
+ignored_error_codes = [3860]
+
 [rpc_endpoints]
 # The RPC URLs are modified versions of the default for testing initialization.
-mainnet = "https://eth.merkle.io" # Different API key.
-optimism_sepolia = "https://sepolia.optimism.io/" # Adds a trailing slash.
+mainnet = "https://reth-ethereum.ithaca.xyz/rpc"
+optimism_sepolia = "https://sepolia.optimism.io/"                # Adds a trailing slash.
 arbitrum_one_sepolia = "https://sepolia-rollup.arbitrum.io/rpc/" # Adds a trailing slash.
 needs_undefined_env_var = "${UNDEFINED_RPC_URL_PLACEHOLDER}"
 
+[lint]
+lint_on_build = false
+
 [fmt]
 # These are all the `forge fmt` defaults.
 line_length = 120
@@ -20,4 +27,4 @@ multiline_func_header = 'attributes_first'
 quote_style = 'double'
 number_underscore = 'preserve'
 single_line_statement_blocks = 'preserve'
-ignore = ["src/console.sol", "src/console2.sol"]
+ignore = ["src/console.sol", "src/console2.sol"]

lib/forge-std/foundry.toml

@@ -1,6 +1,6 @@
 {
   "name": "forge-std",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "description": "Forge Standard Library is a collection of helpful contracts and libraries for use with Forge and Foundry.",
   "homepage": "https://book.getfoundry.sh/forge/forge-std",
   "bugs": "https://github.com/foundry-rs/forge-std/issues",

lib/forge-std/package.json

@@ -8,22 +8,28 @@ abstract contract CommonBase {
     /// @dev Cheat code address.
     /// Calculated as `address(uint160(uint256(keccak256("hevm cheat code"))))`.
     address internal constant VM_ADDRESS = 0x7109709ECfa91a80626fF3989D68f67F5b1DD12D;
+
     /// @dev console.sol and console2.sol work by executing a staticcall to this address.
     /// Calculated as `address(uint160(uint88(bytes11("console.log"))))`.
     address internal constant CONSOLE = 0x000000000000000000636F6e736F6c652e6c6f67;
+
     /// @dev Used when deploying with create2.
     /// Taken from https://github.com/Arachnid/deterministic-deployment-proxy.
     address internal constant CREATE2_FACTORY = 0x4e59b44847b379578588920cA78FbF26c0B4956C;
+
     /// @dev The default address for tx.origin and msg.sender.
     /// Calculated as `address(uint160(uint256(keccak256("foundry default caller"))))`.
     address internal constant DEFAULT_SENDER = 0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38;
+
     /// @dev The address of the first contract `CREATE`d by a running test contract.
     /// When running tests, each test contract is `CREATE`d by `DEFAULT_SENDER` with nonce 1.
     /// Calculated as `VM.computeCreateAddress(VM.computeCreateAddress(DEFAULT_SENDER, 1), 1)`.
     address internal constant DEFAULT_TEST_CONTRACT = 0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f;
+
     /// @dev Deterministic deployment address of the Multicall3 contract.
     /// Taken from https://www.multicall3.com.
     address internal constant MULTICALL3_ADDRESS = 0xcA11bde05977b3631167028862bE2a173976CA11;
+
     /// @dev The order of the secp256k1 curve.
     uint256 internal constant SECP256K1_ORDER =
         115792089237316195423570985008687907852837564279074904382605163141518161494337;