Skip to content

chore(deps): update hardhat packages (major)#149

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages
Open

chore(deps): update hardhat packages (major)#149
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Nov 4, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@nomicfoundation/hardhat-foundry (source) dependencies major 1.2.03.0.0 OpenSSF Scorecard
@nomicfoundation/hardhat-ignition-viem (source) dependencies major 0.15.163.1.1 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox-viem (source) dependencies major 4.1.15.0.3 OpenSSF Scorecard
@nomiclabs/hardhat-solhint (source) dependencies major 4.1.05.0.0 OpenSSF Scorecard
hardhat (source) dependencies major 2.27.13.3.0 OpenSSF Scorecard

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-foundry)

v3.0.0

Compare Source

Major Changes
  • 4cd63e9: Introduce the @nomicfoundation/hardhat-foundry plugin for Hardhat 3

v1.2.1

Compare Source

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ignition-viem)

v3.1.1

Compare Source

Changes

💡 The Nomic Foundation is hiring! Check our open positions.

v3.1.0

Compare Source

Minor Changes
Patch Changes

v3.0.9

Compare Source

Patch Changes

v3.0.8

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v3.0.7

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v3.0.6

Compare Source

Patch Changes
  • dac916b: Expose ignition retry loop variables in user config (Hardhat v3) (#​7303)

v3.0.5

Compare Source

Patch Changes
  • d1c1803: Make @nomicfoundation/hardhat-ignition's UI work well with other plugins, like Ledger's.

v3.0.4

Compare Source

Patch Changes
  • 843c1ae: Fixed a bug preventing Ignition from using the hre.config.ignition settings when deploying via script (#​7641)
  • 558ac5b: Update installation and config instructions

v3.0.3

Compare Source

Patch Changes

v3.0.2

Compare Source

Patch Changes
  • ddefbff: Added guard to stop multiple simultaneous calls to ignition.deploy(...) at once (#​6440)

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!
NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox-viem)

v5.0.3

Compare Source

Patch Changes

v5.0.2

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v5.0.1

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v5.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v4.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomiclabs/hardhat-solhint)

v5.0.0

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Nov 4, 2025
sentry[bot]
sentry bot reviewed Nov 4, 2025
View reviewed changes
package.json Outdated
Comment on lines +39 to +42
"@graphprotocol/graph-ts": "0.38.0",
"@nomicfoundation/hardhat-foundry": "1.2.0",
"@nomicfoundation/hardhat-ignition-viem": "0.15.15",
"@nomicfoundation/hardhat-toolbox-viem": "4.1.1",
"@nomicfoundation/hardhat-ignition-viem": "3.0.4",
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",

This comment was marked as outdated.

Sign in to view

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 5 times, most recently from 3f85a37 to 15d263c Compare November 12, 2025 23:00
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 15d263c to ba9fafb Compare November 16, 2025 03:38
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 4 times, most recently from b9ecefd to 9355f7b Compare December 3, 2025 22:26
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 9355f7b to 27f8aaa Compare December 11, 2025 03:09
sentry[bot]
sentry bot reviewed Dec 11, 2025
View reviewed changes
package.json Outdated
@@ -38,12 +38,12 @@
"@graphprotocol/graph-cli": "0.96.0",
"@graphprotocol/graph-ts": "0.38.0",
"@nomicfoundation/hardhat-foundry": "1.2.0",
Copy link
Copy Markdown

@sentry sentry bot Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Upgrading @nomicfoundation/hardhat-ignition-viem introduces an unmet peer dependency on @nomicfoundation/hardhat-ignition, causing an older, incompatible version to be used, which will lead to an import failure.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The update of @nomicfoundation/hardhat-ignition-viem to version 3.0.6 changes its peer dependency requirement to @nomicfoundation/hardhat-ignition@^3.0.6. However, the project's package.json does not explicitly list @nomicfoundation/hardhat-ignition as a dependency, and the bun.lock file indicates that an incompatible version, 0.15.15, remains installed. This major version mismatch will cause the import of buildModule from @nomicfoundation/hardhat-ignition/modules in ignition/modules/main.ts to fail at runtime, as the module structure and API are likely different, leading to a crash when ignition scripts are executed.

💡 Suggested Fix

Add @nomicfoundation/hardhat-ignition@^3.0.6 as an explicit dependency to package.json to satisfy the peer dependency requirement of @nomicfoundation/hardhat-ignition-viem@3.0.6. Then, run the package manager to update the lockfile and install the correct version.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L40

Potential issue: The update of `@nomicfoundation/hardhat-ignition-viem` to version
`3.0.6` changes its peer dependency requirement to
`@nomicfoundation/hardhat-ignition@^3.0.6`. However, the project's `package.json` does
not explicitly list `@nomicfoundation/hardhat-ignition` as a dependency, and the
`bun.lock` file indicates that an incompatible version, `0.15.15`, remains installed.
This major version mismatch will cause the import of `buildModule` from
`@nomicfoundation/hardhat-ignition/modules` in `ignition/modules/main.ts` to fail at
runtime, as the module structure and API are likely different, leading to a crash when
ignition scripts are executed.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6983593

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 9f887c0 to 0918c9d Compare December 30, 2025 15:50
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from f81a7ff to a788b51 Compare January 14, 2026 19:39
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from a788b51 to 94f0d41 Compare January 19, 2026 22:50
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 49fff90 to 9a3ac9f Compare February 5, 2026 19:43
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 9a3ac9f to 54e1096 Compare February 12, 2026 13:09
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from 5f4669b to 2df0c41 Compare February 26, 2026 19:08
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 219eccb to 1c25015 Compare March 11, 2026 15:46
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 9bbaf0e to e3ed722 Compare March 19, 2026 22:10
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from e3ed722 to 50020ec Compare March 26, 2026 20:07
@renovate
chore(deps): update hardhat packages
d53ba58 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 50020ec to d53ba58 Compare March 31, 2026 15:54
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​nomiclabs/​hardhat-solhint@​4.1.0 ⏵ 5.0.09310069 -1388 +6100
Updated@​nomicfoundation/​hardhat-foundry@​1.2.0 ⏵ 3.0.088 +110078 +488 +7100
Updatedhardhat@​2.27.1 ⏵ 3.3.099 +610082 -996 -1100 +20
Updated@​nomicfoundation/​hardhat-ignition-viem@​0.15.16 ⏵ 3.1.188 +210083 -296 +4100
Updated@​nomicfoundation/​hardhat-toolbox-viem@​4.1.1 ⏵ 5.0.383 -610089 +1494 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt)

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.3npm/@nomicfoundation/hardhat-ignition-viem@3.1.1npm/@graphprotocol/graph-cli@0.96.0npm/solhint@6.0.1npm/typescript@6.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants