Skip to content

chore(deps): update hardhat packages (major)#191

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages
Open

chore(deps): update hardhat packages (major)#191
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Nov 4, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@nomicfoundation/hardhat-foundry (source) dependencies major 1.2.03.0.0 OpenSSF Scorecard
@nomicfoundation/hardhat-ignition-viem (source) dependencies major 0.15.163.1.1 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox-viem (source) dependencies major 4.1.15.0.3 OpenSSF Scorecard
@nomiclabs/hardhat-solhint (source) dependencies major 4.1.05.0.0 OpenSSF Scorecard
hardhat (source) dependencies major 2.27.13.3.0 OpenSSF Scorecard

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-foundry)

v3.0.0

Compare Source

Major Changes
  • 4cd63e9: Introduce the @nomicfoundation/hardhat-foundry plugin for Hardhat 3

v1.2.1

Compare Source

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ignition-viem)

v3.1.1

Compare Source

Changes

💡 The Nomic Foundation is hiring! Check our open positions.

v3.1.0

Compare Source

Minor Changes
Patch Changes

v3.0.9

Compare Source

Patch Changes

v3.0.8

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v3.0.7

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v3.0.6

Compare Source

Patch Changes
  • dac916b: Expose ignition retry loop variables in user config (Hardhat v3) (#​7303)

v3.0.5

Compare Source

Patch Changes
  • d1c1803: Make @nomicfoundation/hardhat-ignition's UI work well with other plugins, like Ledger's.

v3.0.4

Compare Source

Patch Changes
  • 843c1ae: Fixed a bug preventing Ignition from using the hre.config.ignition settings when deploying via script (#​7641)
  • 558ac5b: Update installation and config instructions

v3.0.3

Compare Source

Patch Changes

v3.0.2

Compare Source

Patch Changes
  • ddefbff: Added guard to stop multiple simultaneous calls to ignition.deploy(...) at once (#​6440)

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!
NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox-viem)

v5.0.3

Compare Source

Patch Changes

v5.0.2

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v5.0.1

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v5.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v4.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomiclabs/hardhat-solhint)

v5.0.0

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Nov 4, 2025
sentry[bot]
sentry bot reviewed Nov 4, 2025
View reviewed changes
package.json Outdated
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",
"@nomiclabs/hardhat-solhint": "4.1.0",
"hardhat": "2.26.5",
"hardhat": "3.0.11",

This comment was marked as outdated.

Sign in to view

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 5 times, most recently from 1434eee to 47e4ec1 Compare November 13, 2025 01:49
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 47e4ec1 to 36cfcc5 Compare November 16, 2025 02:57
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from 4e7734f to 373851f Compare December 4, 2025 05:03
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 373851f to 657200c Compare December 11, 2025 03:08
sentry[bot]
sentry bot reviewed Dec 11, 2025
View reviewed changes
package.json Outdated
"@nomicfoundation/hardhat-ignition-viem": "0.15.16",
"@nomicfoundation/hardhat-toolbox-viem": "4.1.1",
"@nomicfoundation/hardhat-ignition-viem": "3.0.6",
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",
Copy link
Copy Markdown

@sentry sentry bot Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The update to @nomicfoundation/hardhat-toolbox-viem introduces peer dependency conflicts. Several related @nomicfoundation packages are not updated to the required major version.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

Updating @nomicfoundation/hardhat-toolbox-viem to 5.0.1 requires several peer dependencies like @nomicfoundation/hardhat-network-helpers and @nomicfoundation/hardhat-viem to be at version ^3.0.0. However, the lockfile indicates that older, incompatible versions (e.g., 1.1.2, 2.1.3) are still in use. This mismatch will likely lead to installation warnings or failures with npm/bun, and could cause runtime errors due to API incompatibilities between major versions if the installation succeeds.

💡 Suggested Fix

Update all related @nomicfoundation packages in package.json to their required major versions (^3.0.0) to satisfy the peer dependencies of @nomicfoundation/hardhat-toolbox-viem@5.0.1. After updating package.json, run the package manager's install command to regenerate the lockfile.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L41

Potential issue: Updating `@nomicfoundation/hardhat-toolbox-viem` to `5.0.1` requires
several peer dependencies like `@nomicfoundation/hardhat-network-helpers` and
`@nomicfoundation/hardhat-viem` to be at version `^3.0.0`. However, the lockfile
indicates that older, incompatible versions (e.g., `1.1.2`, `2.1.3`) are still in use.
This mismatch will likely lead to installation warnings or failures with `npm`/`bun`,
and could cause runtime errors due to API incompatibilities between major versions if
the installation succeeds.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6983511

package.json Outdated
Comment on lines +40 to +43
"@nomicfoundation/hardhat-ignition-viem": "3.0.6",
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",
"@nomiclabs/hardhat-solhint": "4.1.0",
"hardhat": "2.27.1",
"hardhat": "3.1.0",
Copy link
Copy Markdown

@sentry sentry bot Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The hardhat.config.ts file has not been updated for Hardhat 3's new plugin system, which will cause plugins to fail to load and tests to crash.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The upgrade to Hardhat 3.1.0 introduces a breaking change in how plugins are loaded. The hardhat.config.ts file still uses the old Hardhat 2 method of importing plugins for their side effects. The new required method is to explicitly list plugins in a plugins array within a defineConfig call. Because the plugins are not loaded correctly, extensions to the Hardhat Runtime Environment, such as hre.viem, will be undefined. This will cause tests calling hre.viem.deployContract() to fail with a TypeError.

💡 Suggested Fix

Refactor hardhat.config.ts to use the defineConfig function from hardhat/config. Import the plugins directly and list them in the plugins array within the configuration object. This will ensure they are loaded correctly by Hardhat 3.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L40-L43

Potential issue: The upgrade to Hardhat 3.1.0 introduces a breaking change in how
plugins are loaded. The `hardhat.config.ts` file still uses the old Hardhat 2 method of
importing plugins for their side effects. The new required method is to explicitly list
plugins in a `plugins` array within a `defineConfig` call. Because the plugins are not
loaded correctly, extensions to the Hardhat Runtime Environment, such as `hre.viem`,
will be `undefined`. This will cause tests calling `hre.viem.deployContract()` to fail
with a `TypeError`.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6983511

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 1a875a2 to 3c6bdd2 Compare December 30, 2025 16:02
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from cb5bc81 to fbd52d8 Compare January 14, 2026 19:14
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from fbd52d8 to 270028d Compare January 19, 2026 22:42
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 68f12fb to 6715241 Compare February 5, 2026 19:51
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 6715241 to 7c2691e Compare February 12, 2026 12:59
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 8587603 to 58d5967 Compare February 25, 2026 17:47
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 58d5967 to d06e249 Compare February 26, 2026 19:32
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from b11d714 to 82389f6 Compare March 11, 2026 15:46
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 13dd2d8 to 449d686 Compare March 19, 2026 22:40
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 449d686 to ec185a6 Compare March 26, 2026 19:27
@renovate
chore(deps): update hardhat packages
1a11c14 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from ec185a6 to 1a11c14 Compare March 31, 2026 16:02
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​nomiclabs/​hardhat-solhint@​4.1.0 ⏵ 5.0.09310069 -1388 +6100
Updated@​nomicfoundation/​hardhat-foundry@​1.2.0 ⏵ 3.0.088 +110078 +488 +7100
Updatedhardhat@​2.27.1 ⏵ 3.3.099 +610082 -996 -1100 +20
Updated@​nomicfoundation/​hardhat-ignition-viem@​0.15.16 ⏵ 3.1.188 +210083 -296 +4100
Updated@​nomicfoundation/​hardhat-toolbox-viem@​4.1.1 ⏵ 5.0.383 -610089 +1494 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt)

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.3npm/@nomicfoundation/hardhat-ignition-viem@3.1.1npm/@graphprotocol/graph-cli@0.96.0npm/solhint@6.0.1npm/typescript@6.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants