[Snyk] Upgrade @openzeppelin/contracts from 4.8.1 to 4.9.5

[carlosfkrause]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @openzeppelin/contracts from 4.8.1 to 4.9.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-12-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Incorrect Calculation SNYK-JS-OPENZEPPELINCONTRACTS-3339525	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Incorrect Calculation SNYK-JS-OPENZEPPELINCONTRACTS-3339527	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Improper Input Validation SNYK-JS-OPENZEPPELINCONTRACTS-5425051	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Improper Input Validation SNYK-JS-OPENZEPPELINCONTRACTS-5711902	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Improper Encoding or Escaping of Output SNYK-JS-OPENZEPPELINCONTRACTS-5838352	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-OPENZEPPELINCONTRACTS-5425827	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit
	Missing Authorization SNYK-JS-OPENZEPPELINCONTRACTS-5672116	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @openzeppelin/contracts

• 4.9.5 - 2023-12-08
  
  • Multicall: Patch duplicated Address.functionDelegateCall.
• 4.9.4 - 2023-12-07
  
  • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
• 4.9.3 - 2023-07-28
  

  Note
  This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
• 4.9.2 - 2023-06-16
  

  Note
  This release contains a fix for GHSA-wprv-93r4-jj2p.

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.
• 4.9.1 - 2023-06-07
  

  Note
  This release contains a fix for GHSA-5h3x-9wvq-w4m2.

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.
• 4.9.0 - 2023-05-23
• 4.9.0-rc.1 - 2023-05-17
• 4.9.0-rc.0 - 2023-05-09
• 4.8.3 - 2023-04-13
• 4.8.2 - 2023-03-02
• 4.8.1 - 2023-01-13

from @openzeppelin/contracts GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[ernestognw]

Closing after #60 was merged