@github-actions github-actions bot commented Sep 22, 2025

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or set up this action to publish automatically. If you're not ready to do a release yet, that's fine; whenever you add more changesets to master, this PR will be updated.

Releases

@openzeppelin/[email protected]

Changelog

0.8.1 (2025-10-10)

  • Updated community-contracts digest version (#659)

0.8.0 (2025-09-16)

  • Add constructors for SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913, MultiSignerERC7913 and MultiSignerERC7913Weighted (#609)
  • Enable upgradeability for AccountERC7579, AccountERC7579Hooked, SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913 and MultiSignerERC7913 (#609)
  • Breaking change: Use Account, AccountERC7579, AccountERC7579Hooked, ERC7812, ERC7739Utils, ERC7913Utils, AbstractSigner, SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913, MultiSignerERC7913, and MultiSignerERC7913Weighted from OpenZeppelin Contracts 5.4.0 instead of Community Contracts (#609)
  • Remove all initializers from non-upgradeable accounts. (#658)

0.7.1 (2025-08-15)

  • Add compatible git commit in comments when importing OpenZeppelin Community Contracts (#627)

0.7.0 (2025-08-12)

  • Breaking change: Use ERC20Bridgeable from OpenZeppelin Contracts 5.4.0 instead of Community Contracts (#619)

0.6.0 (2025-06-20)

  • Add support for Wizard MCP server. (#569)

    • Possibly breaking changes:
      • Governor: Remove usage of access option. This option now has no effect.
  • Accounts: Add _disableInitializers() to account implementations (#568)

0.5.6 (2025-05-21)

  • MultisigERC7913: Add onlyEntryPointOrSelf modifier to public configuration functions. (#554)
  • Use onlyGovernance to restrict upgrades for Governor with UUPS (#544)
    • Potentially breaking changes:
      • Governor with UUPS: _authorizeUpgrade function is restricted by onlyGovernance instead of onlyOwner

0.5.5 (2025-05-13)

  • Add account contract types for ERC-4337. (#486, #523, #527)
  • Use unicode syntax for strings with non-ASCII characters (#476)
  • Remove redundant overrides in Governor. (#522)
  • Simplify Community Contracts imports. (#537)
  • Potentially breaking changes:
    • Update pragma versions to 0.8.27. (#486)
    • Changes import path format for @openzeppelin/community-contracts. (#537)

0.5.4 (2025-04-01)

  • Add validation for ERC20 premint field. (#488)
  • Add callback in ERC20 features. (#500)

0.5.3 (2025-03-13)

  • Add ERC20 Cross-Chain Bridging, SuperchainERC20. (#436)
    Note: Cross-Chain Bridging is experimental and may be subject to change.

  • Potentially breaking changes:

    • Change order of constructor argument recipient when using premint.

0.5.2 (2025-02-21)

  • Fix modifiers order to follow Solidity style guides. (#450)
  • ERC721: Return tokenId on safeMint with incremental id. (#455)

0.5.1 (2025-02-05)

  • Potentially breaking changes:
    • Add constructor argument recipient when using premint in erc20, stablecoin, and realWorldAsset. (#435)

0.5.0 (2025-01-23)

  • Update to use TypeScript v5. (#231)

  • Remove unused dependencies. (#430)

  • Breaking changes:

    • Update Contracts Wizard license to AGPLv3. (#424)

0.4.6 (2024-11-20)

  • Use named imports. (#411)

0.4.5 (2024-11-18)

  • Add stablecoin and realWorldAsset contract types. (#404)
    Note: stablecoin and realWorldAsset are experimental and may be subject to change.

0.4.4 (2024-10-23)

Potentially breaking changes

  • Update pragma versions to 0.8.22. (#401)

0.4.3 (2024-04-08)

  • Add timestamp based Governor and Votes clock options. (#347)

0.4.2 (2024-02-22)

  • Add code comments for compatible OpenZeppelin Contracts versions. (#331)

0.4.1 (2023-10-18)

  • Add managed access control option for use with AccessManager. (#298)

0.4.0 (2023-10-05)

Breaking changes

  • Update to OpenZeppelin Contracts 5.0. (#284)
  • Require constructor or initializer arguments for initial owner or role assignments if using access control.
  • Use token-specific pausable extensions.
  • Enable ERC20Permit by default.

0.3.0 (2023-05-25)

  • Breaking change: Update to OpenZeppelin Contracts 4.9. (#252)
  • Change default voting delay to 1 day in governor. (#258)

0.2.3 (2023-03-23)

  • Fix module not found error. (#235)

0.2.2 (2023-03-17)

  • Fix missing file. (#234)

0.2.1 (2023-03-17)

  • Remove unspecified dependency on @openzeppelin/contracts. (#233)

0.2.0 (2022-11-08)

  • Reduce default block time to 12 seconds in governor. (fdcf912)
  • Breaking change: Update to OpenZeppelin Contracts 4.8 and Solidity ^0.8.9. (#199)

0.1.1 (2022-06-30)

  • Support custom contract type, optional access control. (#112)

0.1.0 (2022-06-15)

  • Initial API for Solidity. (#136)

@openzeppelin/[email protected]

Changelog

0.4.3 (2025-10-10)

  • Set security contact as contract metadata (#679)

0.4.2 (2025-07-25)

  • Fix access control dependency import to import from stellar_access instead of stellar_contract_utils (#608)

0.4.1 (2025-07-22)

  • Dependencies from crates.io and remove unused imports (#602)
    • Breaking changes:
      • Use OpenZeppelin Stellar Soroban Contracts v0.4.1

0.3.0 (2025-07-03)

  • Add Stablecoin with Limitations and Access Control (ownable and roles). (#575)
    • Breaking changes:
      • Use OpenZeppelin Stellar Soroban Contracts v0.3.0

0.2.3 (2025-06-27)

  • Add security contact in contract info (#563)

0.2.2 (2025-06-20)

  • Add support for Wizard MCP server. (#569)

0.2.1 (2025-06-10)

  • Fix missing ContractOverrides import and rename defaultimpl to default_impl. (#566)

0.2.0 (2025-05-13)

  • Add NonFungible extension and minor refactorings to Fungible (crate renamings, etc.). (#531)
  • Breaking changes:
    • Use OpenZeppelin Stellar Soroban Contracts v0.2.0

0.1.1 (2025-03-03)

  • Add a default no_std to all contracts. (#471)

0.1.0 (2025-02-25)

  • Initial version. (#460)

@github-actions github-actions bot requested review from a team as code owners September 22, 2025 19:59

coderabbitai bot commented Sep 22, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.


socket-security bot commented Sep 22, 2025

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action: Block, Severity: Low
Alert: [email protected] is an AI-detected potential code anomaly.

Notes: The analyzed code appears to implement a standard in-memory cache batch operation flow (put/delete) with careful handling of response bodies by buffering and storing bytes for caching. No signs of malware, data exfiltration, backdoors, or obfuscated behavior were found. The primary security considerations relate to memory usage from buffering potentially large response bodies and ensuring robust validation within batch operations to prevent cache state corruption. Overall risk is moderate, driven by in-memory data handling rather than external communication.

Confidence: 1.00

Severity: 0.60

From: packages/core/solidity/src/environments/hardhat/upgradeable/package-lock.json → npm/@openzeppelin/[email protected] → npm/[email protected]

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Action: Warn, Severity: High
Alert: [email protected] has Obfuscated code.

Confidence: 0.96

Location: Package overview

From: packages/core/solidity/src/environments/hardhat/upgradeable/package-lock.json → npm/@openzeppelin/[email protected] → npm/[email protected]

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.


@github-actions github-actions bot closed this Sep 26, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from bc645e7 to 450ab48 Compare September 26, 2025 19:02
@github-actions github-actions bot reopened this Sep 26, 2025
@github-actions github-actions bot closed this Oct 6, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from 1904368 to fd5d3ac Compare October 6, 2025 07:38
@github-actions github-actions bot reopened this Oct 6, 2025
@github-actions github-actions bot closed this Oct 7, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from 10b2952 to 72765d2 Compare October 7, 2025 15:26
@github-actions github-actions bot reopened this Oct 7, 2025
@github-actions github-actions bot closed this Oct 7, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from c22395c to abe67f8 Compare October 7, 2025 15:38
@github-actions github-actions bot reopened this Oct 7, 2025
@github-actions github-actions bot closed this Oct 7, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from f3d89d9 to dea25c8 Compare October 7, 2025 15:52
@github-actions github-actions bot reopened this Oct 7, 2025
@github-actions github-actions bot closed this Oct 8, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from 40b477a to f1c7c6d Compare October 8, 2025 20:24
@github-actions github-actions bot reopened this Oct 8, 2025

socket-security bot commented Oct 8, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Scores per package (Supply Chain Security / Vulnerability / Quality / Maintenance / License):

  • Added: @openzeppelin/hardhat-upgrades@3.9.1: 99 / 100 / 100 / 87 / 100
  • Added: @openzeppelin/contracts-upgradeable@5.4.0: 100 / 100 / 100 / 92 / 100

@github-actions github-actions bot closed this Oct 10, 2025
@github-actions github-actions bot force-pushed the changeset-release/master branch from 0c159c3 to 65b91d4 Compare October 10, 2025 13:47
@github-actions github-actions bot reopened this Oct 10, 2025
@github-actions github-actions bot requested a review from a team as a code owner October 10, 2025 13:47