chore(deps): bump undici, @nomicfoundation/hardhat-verify, hardhat and @openzeppelin/hardhat-upgrades in /smart-contract

[dependabot]

Bumps undici to 6.24.1 and updates ancestor dependencies undici, @nomicfoundation/hardhat-verify, hardhat and @openzeppelin/hardhat-upgrades. These dependencies need to be updated together.

Updates undici from 5.29.0 to 6.24.1

Release notes

Sourced from undici's releases.

v6.24.1

Full Changelog: nodejs/undici@v6.24.0...v6.24.1

v6.24.0

Undici v6.24.0 Security Release Notes (LTS)

This release backports fixes for security vulnerabilities affecting the v6 line.

Upgrade guidance

All users on v6 should upgrade to v6.24.0 or later.

Fixed advisories

• GHSA-2mjp-6q6p-2qxm / CVE-2026-1525 (Medium)
  Inconsistent interpretation of HTTP requests (request/response smuggling class issue).

• GHSA-f269-vfmq-vjvj / CVE-2026-1528 (High)
  Malicious WebSocket 64-bit frame length handling could crash the client.

• GHSA-4992-7rv2-5pvq / CVE-2026-1527 (Medium)
  CRLF injection via the upgrade option.

• GHSA-v9p9-hfj2-hcw8 / CVE-2026-2229 (High)
  Unhandled exception from invalid server_max_window_bits in WebSocket permessage-deflate negotiation.

• GHSA-vrm6-8vpv-qv8q / CVE-2026-1526 (High)
  Unbounded memory consumption in WebSocket permessage-deflate decompression.

Not applicable to v6

• GHSA-phc3-fgpg-7m6h / CVE-2026-2581 affects >= 7.17.0 < 7.24.0 only.

Affected and patched ranges (v6)

• CVE-2026-1525: affected < 6.24.0, patched 6.24.0
• CVE-2026-1528: affected >= 6.0.0 < 6.24.0, patched 6.24.0
• CVE-2026-1527: affected < 6.24.0, patched 6.24.0
• CVE-2026-2229: affected < 6.24.0, patched 6.24.0
• CVE-2026-1526: affected < 6.24.0, patched 6.24.0

References

• GitHub Security Advisories: https://github.com/nodejs/undici/security/advisories
• NVD CVE-2026-1525: https://nvd.nist.gov/vuln/detail/CVE-2026-1525
• NVD CVE-2026-1528: https://nvd.nist.gov/vuln/detail/CVE-2026-1528
• NVD CVE-2026-1527: https://nvd.nist.gov/vuln/detail/CVE-2026-1527
• NVD CVE-2026-2229: https://nvd.nist.gov/vuln/detail/CVE-2026-2229
• NVD CVE-2026-1526: https://nvd.nist.gov/vuln/detail/CVE-2026-1526

... (truncated)

Commits

• c0cf656 Bumped v6.24.1
• f5a9f0c Fix v6 release workflow branch targeting
• af2cb8f wqremove maxDecompressedMessageSize (#4891)
• 8873c94 Bumped v6.24.0
• 411bd01 test(websocket): use node:assert for Node 18 compatibility
• 844bf59 test: fix http2 lint regressions in backport
• a444e4f test: stabilize h2 and tls-cert-leak under current test runner
• dc032a1 fix: h2 CI (#4395)
• 4cd3f4b test: increase bitness in test/fixtures/*.pem (#3659)
• 7df6442 fix: adapt websocket frame-limit handling for v6 parser
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @nomicfoundation/hardhat-verify from 2.1.3 to 3.0.12

Release notes

Sourced from @​nomicfoundation/hardhat-verify's releases.

@​nomicfoundation/hardhat-verify@​3.0.12

Changes

• 2cbf218: Make SolidityBuildSystem easier to work with (#7988)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.11

Changes

• 6674b00: Bump hardhat-utils major

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.10

This release exposes an Etherscan instance through the verification property on network.connect() for advanced use cases, and adds a customApiCall method to the Etherscan instance for custom API requests.

Changes

• NomicFoundation/hardhat@577e516: Expose an Etherscan instance through the verification property on network.connect() for advanced use cases. This version also adds a customApiCall method to the Etherscan instance, allowing custom requests to the Etherscan API (#7644)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.9

This release is a small bug fix release to improve the interaction of hardhat-verify with Hardhat's build system.

Changes

• NomicFoundation/hardhat@13a1e4b: Multiple internal fixes to the solidity build system (NomicFoundation/hardhat#7900)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

@​nomicfoundation/hardhat-verify@​3.0.7

Added automatic support for all the chains officially supported by Etherscan, Blockscout, and Sourcify. No custom chain configuration is needed for those chains now.

Changes

• 29acf32: Added fallback for chains not included in chain descriptors (#7657)

---

💡 The Nomic Foundation is hiring! Check our open positions.

... (truncated)

Changelog

Sourced from @​nomicfoundation/hardhat-verify's changelog.

3.0.12

Patch Changes

• 2cbf218: Make SolidityBuildSystem easier to work with (#7988)

3.0.11

Patch Changes

• 6674b00: Bump hardhat-utils major

3.0.10

Patch Changes

• 577e516: Expose an Etherscan instance through the verification property on network.connect() for advanced use cases. This version also adds a customApiCall method to the Etherscan instance, allowing custom requests to the Etherscan API (#7644)

3.0.9

Patch Changes

• 13a1e4b: Multiple internal fixes to the solidity build system (#7900)

3.0.8

Patch Changes

• 0635271: Fix Etherscan verification retry with full compiler input, thanks @​SyedAsadKazmi! (#7577)

3.0.7

Patch Changes

• 29acf32: Added fallback for chains not included in chain descriptors (#7657)

3.0.6

Patch Changes

• 6307578: Added support for verifying contracts via Sourcify, thanks @​manuelwedler (#6885).

3.0.5

Patch Changes

• d45234d: Fixed Etherscan verification failures by removing hardcoded v1 API URLs from chain descriptors (#7623). Also enhanced config resolution to support partial overrides in block explorer configurations for future extensibility.
• 558ac5b: Update installation and config instructions

3.0.4

... (truncated)

Commits

• 553035a Version Packages
• b4991ac Merge pull request #8028 from NomicFoundation/fix-spellcheck-workflow
• a429140 Ignore intentional typos
• 8dadf9b Clean up the dictionary and fix more typos
• 2cbf218 Revert cancelled release
• f311aa9 Version Packages
• 23eac5b Update hardhat-verify and hardhat-typechain to use the new ways to identify e...
• 6ce1e7d Version Packages
• 81de079 Version Packages
• 7ad8412 refactor: rename verifier to verification
• Additional commits viewable in compare view

Updates hardhat from 2.28.6 to 3.1.12

Release notes

Sourced from hardhat's releases.

Hardhat v3.1.12

This release adds support for function gas snapshots and snapshot cheatcodes in Solidity tests through the new --snapshot and --snapshot-check flags, along with minor improvements for plugins and an update to EDR.

Changes

• 01b41ee: Added support for function gas snapshots and snapshot cheatcodes in Solidity tests with --snapshot and --snapshot-check flags (#7769)
• e37f96c: Add TestRunResult type that wraps TestSummary, allowing plugins to extend test results with additional data
• bda5a0a: Bumped EDR version to 0.12.0-next.28

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

Hardhat v3.1.11

This release improves the DX of the Viem and Ethers plugins with better autocomplete, improves the errors printed when a contract can't be compiled with the configured compilers, upgrades EDR, and many minor improvements and fixes.

EDR RELATED BREAKING CHANGE: Memory capture used to be enabled by default on geth, but has since been flipped (see ethereum/go-ethereum#23558) and is now disabled by default. We have followed suit and disabled it by default as well. If you were relying on memory capture, you will need to explicitly enable it by setting the enableMemory option to true in your tracer configuration.

Changes

• 2cbf218: Bumped EDR version to 0.12.0-next.27

  BREAKING CHANGE: Memory capture used to be enabled by default on geth, but has since been flipped ethereum/go-ethereum#23558 and is now disabled by default. We have followed suit and disabled it by default as well. If you were relying on memory capture, you will need to explicitly enable it by setting the enableMemory option to true in your tracer configuration.

• bc193be: Use concrete value types for contract names in hardhat-viem and hardhat-ethers

• 2cbf218: Make SolidityBuildSystem easier to work with (#7988)

• 19b691d: Fix typo in assertion message #8028

• 2cbf218: Expose Result type for task action success/failure signaling.

• 2cbf218: Fixed the acceptance of relative paths to node_modules in npm remappings (#8007)

• 2cbf218: Implement a global banner logic in Hardhat 3 #8021

• 4ff11c1: Return typed Result from test runners and telemetry tasks (#8015).

• 2cbf218: Show fs paths and better error messages when a Solidity file can't be compiled with any configured compiler (#7988)

• 2cbf218: Add onTestRunStart, onTestWorkerDone, and onTestRunDone test hooks (#8001)

---

💡 The Nomic Foundation is hiring! Check our open positions.

---

Hardhat v3.1.10

This release contains many improvements and bug fixes, including a cleaner display of test coverage reports (--coverage) and support for inline actions in tasks.

Changes

• 726ff37: Update the --coverage table output to match the style used by --gas-stats. Thanks @​jose-blockchain! (#7733)
• f1e9b05: Added support for inline actions in tasks 7851.
• ca26adb: Update hardhat node to always use the new node network (#7989)
• ec03a01: Allow overriding the type of the network configs default and localhost #7805
• 87623db: Introduce new inter-process mutex implementation (7942).
• 2c2e1f5: Throw better error messages when trying to use a Hardhat 2 plugin with Hardhat 3 #7991.

... (truncated)

Changelog

Sourced from hardhat's changelog.

3.1.12

Patch Changes

• 01b41ee: Added support for function gas snapshots and snapshot cheatcodes in Solidity tests with --snapshot and --snapshot-check flags (#7769)
• e37f96c: Add TestRunResult type that wraps TestSummary, allowing plugins to extend test results with additional data
• bda5a0a: Bumped EDR version to 0.12.0-next.28

3.1.11

Patch Changes

• 2cbf218: Bumped EDR version to 0.12.0-next.27

  BREAKING CHANGE: Memory capture used to be enabled by default on geth, but has since been flipped ethereum/go-ethereum#23558 and is now disabled by default. We have followed suit and disabled it by default as well. If you were relying on memory capture, you will need to explicitly enable it by setting the enableMemory option to true in your tracer configuration.

• bc193be: Use concrete value types for contract names in hardhat-viem and hardhat-ethers

• 2cbf218: Make SolidityBuildSystem easier to work with (#7988)

• 19b691d: Fix typo in assertion message #8028

• 2cbf218: Expose Result type for task action success/failure signaling.

• 2cbf218: Fixed the acceptance of relative paths to node_modules in npm remappings (#8007)

• 2cbf218: Implement a global banner logic in Hardhat 3 #8021

• 4ff11c1: Return typed Result from test runners and telemetry tasks (#8015).

• 2cbf218: Show fs paths and better error messages when a Solidity file can't be compiled with any configured compiler (#7988)

• 2cbf218: Add onTestRunStart, onTestWorkerDone, and onTestRunDone test hooks (#8001)

3.1.10

Patch Changes

• ca26adb: Update hardhat node to always use the new node network (#7989)[https://github.com/Node network config NomicFoundation/hardhat#7989]
• 87623db: Introduce new inter-process mutex implementation (7942).
• 88e9cb5: Add a SolidityHooks#readNpmPackageRemappings hook
• ec03a01: Allow overriding the type of the network configs default and localhost #7805
• 2c2e1f5: Throw better error messages when trying to use a Hardhat 2 plugin with Hardhat 3 #7991.
• 90b5eec: Suggest installing hardhat-foundry when appropriate
• 87623db: Make the solc downloader safe when run by multiple processes (7946).
• 726ff37: Update the --coverage table output to match the style used by --gas-stats. Thanks @​jose-blockchain! (#7733)
• f1e9b05: Added support for inline actions in tasks 7851.
• 73cb725: Expose gasLimit configuration for Solidity tests #7996

3.1.9

Patch Changes

• 621d07e: Make the coverage work with versions of Solidity that aren't fully supported by EDR #7982
• 3e39a06: Round average and median gas usage in the gas analytics output
• 78af2ed: Allow multiple parallel downloads of different compilers (7946).

3.1.8

... (truncated)

Commits

• 72ac31c Version Packages
• 05baf8b Merge pull request #8049 from anaPerezGhiglia/build/edr-0.12.0-next.28
• 68c6408 fix: update format in error message
• fef3c25 fix: adapt gas-analytics and solidity-test to Result pattern after rebase ont...
• 482f346 fix: add missing prop in hardfork tests
• 51d00a1 fix: delete orphaned snapshot cheatcode files when groups are removed
• 3d63a25 fix: remove extra blank line before snapshot output
• 67ad197 fix: only set snapshot cheatcodes written flag when cheatcodes exist
• 4de44e4 feat: add a default fuzz test seed when none is provided (#7886)
• ad17527 Gas snapshots - Show a link to the test file on failures (#7883)
• Additional commits viewable in compare view

Updates @openzeppelin/hardhat-upgrades from 1.28.0 to 3.9.1

Release notes

Sourced from @​openzeppelin/hardhat-upgrades's releases.

@​openzeppelin/hardhat-upgrades@​3.9.1

• Support contract verification via etherscan V2 API. (#1166)
  • Potentially breaking changes: Changes peer dependencies to the following:
    • "@nomicfoundation/hardhat-ethers": "^3.0.6"
    • "@nomicfoundation/hardhat-verify": "^2.0.14"
    • "hardhat": "^2.24.1"

@​openzeppelin/hardhat-upgrades@​3.9.0

• Update Defender SDK to v2.1.0, set Hardhat origin for Defender deployments. (#1111)

@​openzeppelin/hardhat-upgrades@​3.8.0

• Support TypeChain in deployProxy, upgradeProxy, deployBeaconProxy, and defender.deployContract. (#1099)

@​openzeppelin/hardhat-upgrades@​3.7.0

• Add proxyFactory and deployFunction options which can be used to deploy a custom proxy contract. (#1104)

@​openzeppelin/hardhat-upgrades@​3.6.0

• Update Slang dependency to 0.18.3. (#1102)
  • Improves reliability of Hardhat compilation step for namespaced storage layout validations when using Solidity versions 0.8.27 and 0.8.28.

@​openzeppelin/hardhat-upgrades@​3.5.0

• Support ignoring Hardhat compile errors when extracting detailed namespaced storage layouts for validations. (#1090)

@​openzeppelin/hardhat-upgrades@​3.4.0

Potentially breaking changes

• Adds a check to ensure initialOwner is not a ProxyAdmin contract when deploying a transparent proxy. (#1083)

@​openzeppelin/hardhat-upgrades@​3.3.0

• Defender: Add metadata option. (#1079)

@​openzeppelin/hardhat-upgrades@​3.2.1

• Fix Hardhat compile error when public variables are used to implement interface functions. (#1055)
• Remove non-struct NatSpec from Hardhat compilation step for namespaced storage layout validations. (#1051)

@​openzeppelin/hardhat-upgrades@​3.2.0

• Breaking change: Remove defender.proposeUpgrade from Defender legacy. Defender users should use defender.proposeUpgradeWithApproval instead. (#1041)

@​openzeppelin/hardhat-upgrades@​3.1.1

• Defender: Fix proxy deployments when using constructorArgs option, support arbitrary constructor arguments. (#1029)

@​openzeppelin/hardhat-upgrades@​3.1.0

• Defender: Fix handling of license types for block explorer verification, support licenseType and skipLicenseType options. (#1013)

Breaking changes

• When deploying through Defender, if your contract does not have an SPDX license identifier, the verified source code on Etherscan will no longer show any license type.
  • If you want the license type to appear as "None", either set your contract to have // SPDX-License-Identifier: UNLICENSED according to Solidity docs, or set the licenseType option to "None".

@​openzeppelin/hardhat-upgrades@​3.0.5

• Simplify console logging for admin.transferProxyAdminOwnership. (#978)
• Support private networks and forked networks with Defender. (#989)

... (truncated)

Commits

• 542818d Prepare Release (#1174)
• 98a8e7c [CI] Update Foundry Upgrades plugin docs (#1173)
• f9692aa Move Defender integration doc links (#1172)
• dd917e2 Updates to support contract verification via etherscan V2 API (#1166)
• 89a4e9a Bump base-x from 3.0.10 to 3.0.11 (#1152)
• 2f26508 Prepare Release (#1164)
• 6c97f79 Update changesets/action action to v1.5.3 (#1162)
• 01607b4 Omit missing initializer calls error for initializers named *_unchained (#1...
• 0d1eea7 Update changesets/action action to v1.5.2 (#1158)
• efb77e6 Use changesets for releases, use Node 20 (#1154)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
aetheron	Ready	Preview, Comment	Mar 17, 2026 11:01am
vercel-node-app-1	Ready	Preview, Comment	Mar 17, 2026 11:01am

[cloudflare-workers-and-pages]

Deploying aetheron-platform with    Cloudflare Pages

Latest commit:	6fda547
Status:	🚫  Build failed.

View logs

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	aetheron	6fda547	Mar 17 2026, 10:55 AM

[dependabot]

Looks like these dependencies are up-to-date now, so this is no longer needed.