Prepare Release

[github-actions]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or setup this action to publish automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.

Releases

@openzeppelin/wizard-common@0.5.1

Changelog

0.5.1 (2026-05-20)

• Cairo: Add ERC721Consecutive extension. (#800)
• Cairo: Add ERC6909Metadata, ERC6909ContentURI, ERC6909TokenSupply extensions. (#793)
  Cairo: Default DAR delay fields in the access schema so callers don't need to supply them for non-roles-dar access types.

0.5.0 (2026-04-07)

• Move Zod schemas from MCP to common package, add @openzeppelin/wizard-common/schemas subpath export. (#785)
  • Uniswap hooks: shorten prompt, move hook descriptions to field-level describe() on --hook parameter.
  • Cairo access schema field changed from required to optional (loosens validation).
  • Added zod as a dependency.
  • Add format examples and defaults to duration and date descriptions.
  • Breaking change: Added exports field to package.json, restricting imports to declared subpaths (. and ./schemas).

0.4.4 (2026-02-26)

• Solidity erc20, stablecoin, realWorldAsset: Support 'erc7786native' option for crossChainBridging. (#747)

0.4.3 (2026-02-17)

• Cairo: added AI prompt descriptions for: (#774)

  • ERC6909
  • ERC20Wrapper
  • ERC1155Supply, ERC1155URIStorage
  • ERC721Wrapper, ERC721URIStorage

• Add support for Confidential Contracts Wizard (#652)

0.4.2 (2026-01-29)

• Modify tooltip descriptions regarding default implementations to fit the changes introduced with v0.6.0 (#768)

0.4.1 (2026-01-14)

• Stellar: add an explicitImplementations flag that switches from using default_impl macro to explicit definitions (#728)

0.4.0 (2026-01-10)

• Add support for with_components macro. (#703)

• Add AccessControlDefaultAdminRules. (#698)

• Breaking changes:

  • Use OpenZeppelin Contracts for Cairo v3.0.0. (#757)
  • Use OpenZeppelin Contracts for Cairo v3.0.0-alpha.3. (#688)
  • Use OpenZeppelin Contracts for Cairo v3.0.0-alpha.2. (#663)
  • Use OpenZeppelin Contracts for Cairo v3.0.0-alpha.1. (#638)
  • Use OpenZeppelin Contracts for Cairo v3.0.0-alpha.0. (#623)

0.3.3 (2025-11-28)

• Add support for Uniswap Hooks Wizard (#628)

0.3.2 (2025-11-26)

• Add tokenUri setting for stellar non fungible model (#725)

0.3.1 (2025-11-12)

• Solidity account signer: Add WebAuthn to the list of signers available. (#718)
• Breaking changes: Solidity Stablecoin and RWA: Change custodian option to freezable. Replace ERC20Custodian with ERC20Freezable. (#719)
• Add macros descriptions for Cairo (#703)

0.2.0 (2025-11-03)

• Breaking changes: Solidity Stablecoin and RWA: Change limitations option to restrictions. Replace ERC20Allowlist and ERC20Blocklist with ERC20Restricted. (#715)
• Update @openzeppelin/contracts and @openzeppelin/contracts-upgradeable dependencies to 5.5.0 (#681)
  • Breaking changes:
    • Solidity account signer: ERC7702 option is renamed as EIP7702. Imported contract SignerERC7702 is renamed as SignerEIP7702.
    • Solidity upgradeable contracts: Initializable and UUPSUpgradeable are imported from @openzeppelin/contracts instead of @openzeppelin/contracts-upgradeable.

0.1.2 (2025-10-29)

• Add AI descriptions for AccessControl in Cairo-alpha (#698)

0.1.1 (2025-09-16)

• Update Solidity Account prompt (#609)
• Support decimals customization for ERC20 Cairo contracts (#654)

0.1.0 (2025-08-15)

• Bump minor version for semantic versioning stability (#631)

0.0.3 (2025-08-12)

• Breaking change: Use ERC20Bridgeable from OpenZeppelin Contracts 5.4.0 instead of Community Contracts (#619)

0.0.2 (2025-07-03)

• Stellar: Add Stablecoin with Limitations and Access Control (ownable and roles). (#575)

0.0.1 (2025-06-20)

• Add support for Wizard MCP server. (#569)

@openzeppelin/wizard@0.10.9

Changelog

0.10.9 (2026-05-20)

• Escape opts.name and opts.uri when generating Hardhat and Foundry test files. Only affects callers of zipHardhat / zipFoundry; these functions are not part of the documented public API.

0.10.8 (2026-04-07)

• Add package APIs for getting versioned remappings. (#786)
  • Export getVersionedRemappings from the Solidity, Confidential, and Uniswap Hooks package roots for internal use by other Wizard packages.
  • Add getVersionedRemappings to the Confidential erc7984 API and the Uniswap Hooks hooks API for consistency with the Solidity contract APIs.
  • Internal breaking change: Removed the internal print-versioned entrypoints; internal consumers should use getVersionedRemappings instead.

0.10.7 (2026-02-26)

• Make ERC20Permit optional when ERC20Votes is enabled (#778)
• Solidity erc20, stablecoin, realWorldAsset: Support 'erc7786native' option for crossChainBridging. (#747)
  • Uses OpenZeppelin Contracts 5.6.0
  • Breaking changes: Solidity erc20, stablecoin, realWorldAsset: 'custom' option for crossChainBridging now requires access control, and adds a function to allow updating the token bridge address after deployment. Constructor/initializer parameter order changed due to access control requirement.

0.10.6 (2026-02-17)

• Add support for Confidential Contracts Wizard (#652)

0.10.5 (2026-01-27)

• Fix missing dependency for get-versioned-remappings with Webpack (#766)

0.10.4 (2025-11-28)

• Add support for Uniswap Hooks Wizard (#628)

0.10.3 (2025-11-26)

• Fix missing dependency for get-versioned-remappings (#740)

0.10.2 (2025-11-12)

• Solidity account signer: Add WebAuthn to the list of signers available. (#718)
• Fixed bug with incorrect names in generated comment for Multisig account. (#720)
• Add API function to get versioned remappings. (#724)
• Breaking changes: Solidity Stablecoin and RWA: Change custodian option to freezable. Replace ERC20Custodian with ERC20Freezable. (#719)
• Solidity account signer: Fix grammar in comment (#711)

0.10.0 (2025-11-03)

• Update @openzeppelin/contracts and @openzeppelin/contracts-upgradeable dependencies to 5.5.0 (#681)

  • Breaking changes:
    • Solidity account signer: ERC7702 option is renamed as EIP7702. Imported contract SignerERC7702 is renamed as SignerEIP7702.
    • Solidity upgradeable contracts: Initializable and UUPSUpgradeable are imported from @openzeppelin/contracts instead of @openzeppelin/contracts-upgradeable.

• Breaking changes: Solidity Stablecoin and RWA: Change limitations option to restrictions. Replace ERC20Allowlist and ERC20Blocklist with ERC20Restricted. (#715)

0.9.0 (2025-10-29)

• Breaking changes: Use namespaced storage instead of state variables when upgradeability is enabled. (#704)
  • For ERC-20, use namespaced storage for tokenBridge when cross-chain bridging is set to 'custom' and upgradeability is enabled.
  • For ERC-721, use namespaced storage for _nextTokenId when mintable, auto increment IDs, and upgradeability are enabled.

0.8.1 (2025-10-14)

• Updated community-contracts digest version (#659)
• Updated community-contracts digest version (#677)

0.8.0 (2025-09-16)

• Add constructors for SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913, MultiSignerERC7913 and MultiSignerERC7913Weighted (#609)
• Enable upgradeability for AccountERC7579, AccountERC7579Hooked, SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913 and MultiSignerERC7913 (#609)
• Breaking change: Use Account, AccountERC7579, AccountERC7579Hooked, ERC7812, ERC7739Utils, ERC7913Utils, AbstractSigner, SignerECDSA, SignerP256, SignerRSA, SignerERC7702, SignerERC7913, MultiSignerERC7913, and MultiSignerERC7913Weighted from OpenZeppelin Contracts 5.4.0 instead of Community Contracts (#609)
• Remove all initializers from non-upgradeable accounts. (#658)

0.7.1 (2025-08-15)

• Add compatible git commit in comments when importing OpenZeppelin Community Contracts (#627)

0.7.0 (2025-08-12)

• Breaking change: Use ERC20Bridgeable from OpenZeppelin Contracts 5.4.0 instead of Community Contracts (#619)

0.6.0 (2025-06-20)

• Add support for Wizard MCP server. (#569)

  • Possibly breaking changes:
    • Governor: Remove usage of access option. This option now has no effect.

• Accounts: Add _disableInitializers() to account implementations (#568)

0.5.6 (2025-05-21)

• MultisigERC7913: Add onlyEntryPointOrSelf modifier to public configuration functions. (#554)
• Use onlyGovernance to restrict upgrades for Governor with UUPS (#544)
  • Potentially breaking changes:
    • Governor with UUPS: _authorizeUpgrade function is restricted by onlyGovernance instead of onlyOwner

0.5.5 (2025-05-13)

• Add account contract types for ERC-4337. (#486, #523, #527)
• Use unicode syntax for strings with non-ASCII characters (#476)
• Remove redundant overrides in Governor. (#522)
• Simplify Community Contracts imports. (#537)
• Potentially breaking changes:
  • Update pragma versions to 0.8.27. (#486)
  • Changes import path format for @openzeppelin/community-contracts. (#537)

0.5.4 (2025-04-01)

• Add validation for ERC20 premint field. (#488)
• Add callback in ERC20 features. (#500)

0.5.3 (2025-03-13)

• Add ERC20 Cross-Chain Bridging, SuperchainERC20. (#436)
  Note: Cross-Chain Bridging is experimental and may be subject to change.

• Potentially breaking changes:

  • Change order of constructor argument recipient when using premint.

0.5.2 (2025-02-21)

• Fix modifiers order to follow Solidity style guides. (#450)
• ERC721: Return tokenId on safeMint with incremental id. (#455)

0.5.1 (2025-02-05)

• Potentially breaking changes:
  • Add constructor argument recipient when using premint in erc20, stablecoin, and realWorldAsset. (#435)

0.5.0 (2025-01-23)

• Update to use TypeScript v5. (#231)

• Remove unused dependencies. (#430)

• Breaking changes:

  • Update Contracts Wizard license to AGPLv3. (#424)

0.4.6 (2024-11-20)

• Use named imports. (#411)

0.4.5 (2024-11-18)

• Add stablecoin and realWorldAsset contract types. (#404)
  Note: stablecoin and realWorldAsset are experimental and may be subject to change.

0.4.4 (2024-10-23)

Potentially breaking changes

• Update pragma versions to 0.8.22. (#401)

0.4.3 (2024-04-08)

• Add timestamp based Governor and Votes clock options. (#347)

0.4.2 (2024-02-22)

• Add code comments for compatible OpenZeppelin Contracts versions. (#331)

0.4.1 (2023-10-18)

• Add managed access control option for use with AccessManager. (#298)

0.4.0 (2023-10-05)

Breaking changes

• Update to OpenZeppelin Contracts 5.0. (#284)
• Require constructor or initializer arguments for initial owner or role assignments if using access control.
• Use token-specific pausable extensions.
• Enable ERC20Permit by default.

0.3.0 (2023-05-25)

• Breaking change: Update to OpenZeppelin Contracts 4.9. (#252)
• Change default voting delay to 1 day in governor. (#258)

0.2.3 (2023-03-23)

• Fix module not found error. (#235)

0.2.2 (2023-03-17)

• Fix missing file. (#234)

0.2.1 (2023-03-17)

• Remove unspecified dependency on @openzeppelin/contracts. (#233)

0.2.0 (2022-11-08)

• Reduce default block time to 12 seconds in governor. (fdcf912)
• Breaking change: Update to OpenZeppelin Contracts 4.8 and Solidity ^0.8.9. (#199)

0.1.1 (2022-06-30)

• Support custom contract type, optional access control. (#112)

0.1.0 (2022-06-15)

• Initial API for Solidity. (#136)

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b96e76ae-a996-45cb-a85b-6f71c5dc6473

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This PR bumps version numbers and updates changelogs for two coordinated releases: @openzeppelin/wizard-common from 0.5.0 to 0.5.1, and @openzeppelin/wizard from 0.10.8 to 0.10.9. The wizard-common dependency reference is updated to point to the new wizard version.

Changes

wizard-common 0.5.1 Release

Layer / File(s)	Summary
Changelog and package version update packages/common/CHANGELOG.md, packages/common/package.json	Version bumped to 0.5.1 with changelog entry documenting Cairo ERC721Consecutive and ERC6909 extension additions, plus access schema defaulting changes. Dependency on @openzeppelin/wizard updated to ^0.10.9.

wizard solidity 0.10.9 Release

Layer / File(s)	Summary
Changelog and package version update packages/core/solidity/CHANGELOG.md, packages/core/solidity/package.json	Version bumped to 0.10.9 with changelog entry documenting escaping of opts.name and opts.uri in Hardhat and Foundry test file generation.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

ignore-changeset

Suggested reviewers

• ericglau
• bidzyyys
• pasevin

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Prepare Release' directly describes the main purpose of this changeset PR, which is to prepare the repositories for new package releases.
Description check	✅ Passed	The description is directly related to the changeset, providing context about the Changesets release action, the packages being released (@openzeppelin/wizard-common@0.5.1 and @openzeppelin/wizard@0.10.9), and the release notes for each package.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch changeset-release/master

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​nomicfoundation/​hardhat-toolbox@​6.1.0
	hardhat@​2.26.3 ⏵ 2.26.5			+2	+3

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• @nomicfoundation/hardhat-chai-matchers@2.1.0
• @nomicfoundation/hardhat-ignition@0.15.13
• @nomicfoundation/hardhat-ignition-ethers@0.15.14
• @nomicfoundation/hardhat-network-helpers@1.1.0
• @nomicfoundation/hardhat-toolbox@6.1.0
• @nomicfoundation/hardhat-verify@2.1.1
• @nomicfoundation/ignition-core@0.15.13
• @nomicfoundation/ignition-ui@0.15.12
• @solidity-parser/parser@0.20.2
• @typechain/ethers-v6@0.5.1
• @typechain/hardhat@9.1.0
• @types/bn.js@5.2.0
• @types/chai@4.3.20
• @types/chai-as-promised@7.1.8
• @types/glob@7.2.0
• @types/minimatch@5.1.2
• @types/mocha@10.0.10
• @types/pbkdf2@3.1.2
• @types/prettier@2.7.3
• @types/secp256k1@4.0.6
• abitype@1.0.8
• amdefine@1.0.1
• array-back@3.1.0
• array-back@4.0.2
• assertion-error@1.1.0
• astral-regex@2.0.0
• async@1.5.2
• asynckit@0.4.0
• at-least-node@1.0.0
• axios@1.11.0
• base-x@3.0.11
• blakejs@1.2.1
• brotli-wasm@2.0.1
• browserify-aes@1.2.0
• bs58@4.0.1
• bs58check@2.1.2
• buffer-xor@1.0.3
• chai@4.5.0
• chai-as-promised@7.1.2
• charenc@0.0.2
• check-error@1.0.3
• cipher-base@1.0.6
• cli-table3@0.6.5
• combined-stream@1.0.8
• command-line-args@5.2.1
• command-line-usage@6.1.3
• typical@5.2.0
• typical@4.0.0
• create-hash@1.2.0
• create-hash@1.1.3
• create-hmac@1.1.7
• crypt@0.0.2
• death@1.1.0
• deep-eql@4.1.4
• deep-extend@0.6.0
• delayed-stream@1.0.0
• difflib@0.2.4
• es-set-tostringtag@2.1.0
• escodegen@1.8.1
• ethereum-bloom-filters@1.2.0
• ethereumjs-util@7.1.5
• ethjs-unit@0.1.6
• evp_bytestokey@1.0.3
• find-replace@3.0.0
• form-data@4.0.4
• get-func-name@2.0.2
• ghost-testrpc@0.0.2
• global-modules@2.0.0
• global-prefix@3.0.0
• handlebars@4.7.8
• hardhat-gas-reporter@2.3.0
• hash-base@3.1.0
• hash-base@2.0.2
• heap@0.2.7
• immer@10.0.2
• ini@1.3.8
• interpret@1.4.0
• is-hex-prefixed@1.0.0
• isows@1.0.7
• json-stringify-safe@5.0.1
• json5@2.2.3
• jsonschema@1.5.0
• kind-of@6.0.3
• lodash.camelcase@4.3.0
• lodash.clonedeep@4.5.0
• lodash.truncate@4.4.2
• loupe@2.3.7
• markdown-table@2.0.0
• md5.js@1.3.5
• micro-ftch@0.3.1
• ndjson@2.0.0
• neo-async@2.6.2
• node-emoji@1.11.0
• number-to-bn@1.7.0
• ordinal@1.0.3
• ox@0.8.6
• pathval@1.1.1
• pbkdf2@3.1.3
• ripemd160@2.0.1
• ripemd160@2.0.2
• prompts@2.4.2
• proxy-from-env@1.1.0
• rechoir@0.6.2
• recursive-readdir@2.2.3
• reduce-flatten@2.0.0
• repeat-string@1.6.1
• rlp@2.2.7
• sc-istanbul@0.4.6
• scrypt-js@3.0.1
• secp256k1@4.0.4
• sha.js@2.4.12
• sha1@1.1.1
• shelljs@0.8.5
• sisteransi@1.0.5
• solidity-coverage@0.8.16
• split2@3.2.2
• string-format@2.0.0
• strip-hex-prefix@1.0.0
• table@6.9.0
• table-layout@1.0.2
• through2@4.0.2
• to-buffer@1.2.1
• ts-command-line-args@2.5.1
• ts-essentials@7.0.3
• type-detect@4.1.0
• typechain@8.3.2
• typed-array-buffer@1.0.3
• uglify-js@3.19.3
• utf8@3.0.0
• viem@2.33.3
• web3-utils@1.10.4
• wordwrap@1.0.0
• wordwrapjs@4.0.1
• ansi-styles@3.2.1
• has-flag@3.0.0
• has-flag@1.0.0
• ajv@8.17.1
• optionator@0.8.3
• fs-extra@9.1.0
• supports-color@5.5.0
• supports-color@3.2.3
• color-convert@1.9.3
• levn@0.3.0
• which@1.3.1
• estraverse@1.9.3
• prelude-ls@1.1.2
• type-check@0.3.2
• color-name@1.1.3
• eventemitter3@5.0.1
• source-map@0.2.0
• glob@5.0.15
• glob@7.1.7
• @noble/hashes@1.2.0
• ws@8.18.2
• @ethereumjs/util@8.1.0
• isarray@2.0.5
• @scure/bip32@1.1.5
• @scure/bip39@1.1.1
• slice-ansi@4.0.0
• @adraffy/ens-normalize@1.11.0
• node-addon-api@5.1.0
• @ethereumjs/rlp@4.0.1
• @ethersproject/address@5.6.1
• esprima@2.7.3
• bn.js@4.11.6
• chalk@2.4.2
• resolve@1.1.7
• globby@10.0.2
• hardhat@2.26.5
• ethereum-cryptography@0.1.3
• ethereum-cryptography@1.2.0
• @noble/curves@1.9.6
• @noble/curves@1.9.2
• cbor@9.0.2
• cbor@8.1.0
• fast-uri@3.0.6
• kleur@3.0.3
• tinyglobby@0.2.15
• mkdirp@1.0.4
• nopt@3.0.6
• abbrev@1.0.9

View full report

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/common/CHANGELOG.md`:
- Line 8: The changelog entry "Cairo: Default DAR delay fields in the `access`
schema so callers don't need to supply them for non-`roles-dar` access types."
is missing its list marker; prepend a hyphen and a space ("- ") to that line so
it matches the surrounding bullet format and renders consistently with other
release entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d5d0f1ae-1494-439c-85a6-a490a7541e80

📥 Commits

Reviewing files that changed from the base of the PR and between ec12c44 and fe1128a.

📒 Files selected for processing (7)

• .changeset/agile-newt-erc721-consecutive.md
• .changeset/deep-frogs-kneel.md
• .changeset/lemon-islands-rest.md
• packages/common/CHANGELOG.md
• packages/common/package.json
• packages/core/solidity/CHANGELOG.md
• packages/core/solidity/package.json

💤 Files with no reviewable changes (3)

• .changeset/agile-newt-erc721-consecutive.md
• .changeset/lemon-islands-rest.md
• .changeset/deep-frogs-kneel.md

[ericglau]

@SocketSecurity ignore-all
Items are part of hardhat-toolbox which should be updated separately and is only used in local environments. Also AI reported false positives.