Skip to content

chore(deps): update hardhat packages (major)#176

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages
Open

chore(deps): update hardhat packages (major)#176
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Nov 4, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@nomicfoundation/hardhat-foundry (source) dependencies major 1.2.03.0.0 OpenSSF Scorecard
@nomicfoundation/hardhat-ignition-viem (source) dependencies major 0.15.163.1.1 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox-viem (source) dependencies major 4.1.15.0.3 OpenSSF Scorecard
@nomiclabs/hardhat-solhint (source) dependencies major 4.1.05.0.0 OpenSSF Scorecard
hardhat (source) dependencies major 2.27.13.3.0 OpenSSF Scorecard

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-foundry)

v3.0.0

Compare Source

Major Changes
  • 4cd63e9: Introduce the @nomicfoundation/hardhat-foundry plugin for Hardhat 3

v1.2.1

Compare Source

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ignition-viem)

v3.1.1

Compare Source

Changes

💡 The Nomic Foundation is hiring! Check our open positions.

v3.1.0

Compare Source

Minor Changes
Patch Changes

v3.0.9

Compare Source

Patch Changes

v3.0.8

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v3.0.7

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v3.0.6

Compare Source

Patch Changes
  • dac916b: Expose ignition retry loop variables in user config (Hardhat v3) (#​7303)

v3.0.5

Compare Source

Patch Changes
  • d1c1803: Make @nomicfoundation/hardhat-ignition's UI work well with other plugins, like Ledger's.

v3.0.4

Compare Source

Patch Changes
  • 843c1ae: Fixed a bug preventing Ignition from using the hre.config.ignition settings when deploying via script (#​7641)
  • 558ac5b: Update installation and config instructions

v3.0.3

Compare Source

Patch Changes

v3.0.2

Compare Source

Patch Changes
  • ddefbff: Added guard to stop multiple simultaneous calls to ignition.deploy(...) at once (#​6440)

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!
NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox-viem)

v5.0.3

Compare Source

Patch Changes

v5.0.2

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v5.0.1

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v5.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v4.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomiclabs/hardhat-solhint)

v5.0.0

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Nov 4, 2025
sentry[bot]
sentry bot reviewed Nov 4, 2025
View reviewed changes
package.json
Comment on lines 39 to 49
"@graphprotocol/graph-ts": "0.38.0",
"@nomicfoundation/hardhat-foundry": "1.2.0",
"@nomicfoundation/hardhat-ignition-viem": "0.15.15",
"@nomicfoundation/hardhat-toolbox-viem": "4.1.1",
"@nomicfoundation/hardhat-ignition-viem": "3.0.4",
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",
"@nomiclabs/hardhat-solhint": "4.1.0",
"@openzeppelin/contracts": "5.4.0",
"@openzeppelin/subgraphs": "0.1.8-5",
"hardhat": "2.26.5",
"hardhat": "3.0.11",
"solhint": "6.0.1"
},
"overrides": {

This comment was marked as outdated.

Sign in to view

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 5 times, most recently from 9a280ba to 99c752e Compare November 13, 2025 01:58
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 99c752e to 7a60260 Compare November 16, 2025 03:44
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from 70d8dae to efdbe69 Compare December 3, 2025 22:15
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from efdbe69 to 62f7eff Compare December 11, 2025 03:11
sentry[bot]
sentry bot reviewed Dec 11, 2025
View reviewed changes
package.json
@@ -38,12 +38,12 @@
"@graphprotocol/graph-cli": "0.96.0",
"@graphprotocol/graph-ts": "0.38.0",
Copy link
Copy Markdown

@sentry sentry bot Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The upgrade to Hardhat v3 is missing the required ESM configuration ("type": "module" in package.json or renaming config to .mts), which will break all Hardhat commands.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The project's dependencies are upgraded to Hardhat v3, which is an ESM-first framework. However, the project's configuration is not updated to be ESM-compatible. The package.json file lacks the required "type": "module" field, and the configuration file hardhat.config.ts has not been renamed to hardhat.config.mts. The tsconfig.json further specifies "module": "commonjs". This mismatch will cause Hardhat 3 to fail when it tries to load the configuration file, as it will be processed as CommonJS instead of the required ESM. This failure will prevent all Hardhat commands, such as deployments and tests, from running.

💡 Suggested Fix

To make the project compatible with Hardhat v3, either add "type": "module" to the package.json file or rename the Hardhat configuration file from hardhat.config.ts to hardhat.config.mts.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L39

Potential issue: The project's dependencies are upgraded to Hardhat v3, which is an
ESM-first framework. However, the project's configuration is not updated to be
ESM-compatible. The `package.json` file lacks the required `"type": "module"` field, and
the configuration file `hardhat.config.ts` has not been renamed to `hardhat.config.mts`.
The `tsconfig.json` further specifies `"module": "commonjs"`. This mismatch will cause
Hardhat 3 to fail when it tries to load the configuration file, as it will be processed
as CommonJS instead of the required ESM. This failure will prevent all Hardhat commands,
such as deployments and tests, from running.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 6983881

@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from b4a0036 to bff257d Compare December 30, 2025 15:33
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 6b091e7 to 62a1162 Compare January 14, 2026 19:10
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 62a1162 to 64bdc74 Compare January 19, 2026 22:43
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from c17357a to dc7f474 Compare February 5, 2026 19:46
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from dc7f474 to 6d89665 Compare February 12, 2026 12:32
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from e3ea95d to 0ce49bf Compare February 26, 2026 19:37
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 9815b40 to b4677ee Compare March 11, 2026 16:04
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from d76e0c3 to 625651f Compare March 19, 2026 22:35
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from 625651f to ddfada7 Compare March 26, 2026 20:16
@renovate
chore(deps): update hardhat packages
fbd5e64 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/major-hardhat-packages branch from ddfada7 to fbd5e64 Compare March 31, 2026 15:52
@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​nomiclabs/​hardhat-solhint@​4.1.0 ⏵ 5.0.09310069 -1388 +6100
Updated@​nomicfoundation/​hardhat-foundry@​1.2.0 ⏵ 3.0.088 +110078 +488 +7100
Updatedhardhat@​2.27.1 ⏵ 3.3.099 +610082 -996 -1100 +20
Updated@​nomicfoundation/​hardhat-ignition-viem@​0.15.16 ⏵ 3.1.188 +210083 -296 +4100
Updated@​nomicfoundation/​hardhat-toolbox-viem@​4.1.1 ⏵ 5.0.383 -610089 +1494 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 31, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt)

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.3npm/@nomicfoundation/hardhat-ignition-viem@3.1.1npm/@graphprotocol/graph-cli@0.96.0npm/solhint@6.0.1npm/typescript@6.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants