Merge release-v5.3 branch (#5632)

Signed-off-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
Co-authored-by: Francisco Giordano <fg@frang.io>
Co-authored-by: Joseph Delong <joseph@delong.me>
Co-authored-by: Arr00 <13561405+arr00@users.noreply.github.com>
Co-authored-by: Renan Souza <renan.rodrigues.souza1@gmail.com>
Co-authored-by: Ernesto García <ernestognw@gmail.com>
Co-authored-by: Voronor <129545215+voronor@users.noreply.github.com>
Co-authored-by: StackOverflowExcept1on <109800286+StackOverflowExcept1on@users.noreply.github.com>
Co-authored-by: Michalis Kargakis <kargakis@protonmail.com>
Co-authored-by: Bilog WEB3 <155262265+Bilogweb3@users.noreply.github.com>
Co-authored-by: Fallengirl <155266340+Fallengirl@users.noreply.github.com>
Co-authored-by: XxAlex74xX <30472093+XxAlex74xX@users.noreply.github.com>
Co-authored-by: PixelPilot <161360836+PixelPil0t1@users.noreply.github.com>
Co-authored-by: kilavvy <140459108+kilavvy@users.noreply.github.com>
Co-authored-by: Devkuni <155117116+detrina@users.noreply.github.com>
Co-authored-by: Danbo <140512416+dannbbb1@users.noreply.github.com>
Co-authored-by: Ann Wagner <chant_77_swirly@icloud.com>
Co-authored-by: comfsrt <155266597+comfsrt@users.noreply.github.com>
Co-authored-by: Bob <158583129+bouchmann@users.noreply.github.com>
Co-authored-by: JohnBonny <158583902+JohnBonny@users.noreply.github.com>
Co-authored-by: moonman <155266991+moooonman@users.noreply.github.com>
Co-authored-by: kazak <alright-epsilon8h@icloud.com>
Co-authored-by: Wei <ybxerlvqtx@rambler.ru>
Co-authored-by: Maxim Evtush <154841002+maximevtush@users.noreply.github.com>
Co-authored-by: Vitalyr <158586577+Vitaliyr888@users.noreply.github.com>
Co-authored-by: pendrue <158588659+pendrue@users.noreply.github.com>
Co-authored-by: Tronica <wudmytrotest404@gmail.com>
Co-authored-by: emmmm <155267286+eeemmmmmm@users.noreply.github.com>
Co-authored-by: bigbear <155267841+aso20455@users.noreply.github.com>
Co-authored-by: Tomás Andróil <tomasandroil@gmail.com>
Co-authored-by: GooseMatrix <155266802+GooseMatrix@users.noreply.github.com>
Co-authored-by: jasmy <3776356370@qq.com>
Co-authored-by: SITADRITA1 <mrlime2018@gmail.com>
Co-authored-by: Ocenka <testoviydiman1@gmail.com>

.changeset/brave-islands-sparkle.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`GovernorSequentialProposalId`: Adds a `Governor` extension that sequentially numbers proposal ids instead of using the hash.

.changeset/brown-seals-sing.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`SafeERC20`: Add `trySafeTransfer` and `trySafeTransferFrom` that do not revert and return false if the transfer is not successful.

.changeset/brown-turkeys-marry.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`ERC6909TokenSupply`: Add an extension of ERC6909 which tracks total supply for each token id.

.changeset/cyan-taxis-travel.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`Address`: bubble up revert data on `sendValue` failed call

.changeset/dirty-bananas-shake.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`ERC6909ContentURI`: Add an extension of ERC6909 which adds content URI functionality.

.changeset/famous-timers-compare.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`ERC2771Forwarder`: Expose the `_isTrustedByTarget` internal function to check whether a target trusts the forwarder.

.changeset/good-cameras-rush.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`EnumerableMap`: Add `clear` function to EnumerableMaps which deletes all entries in the map.

.changeset/good-cameras-serve.md

@@ -1,5 +0,0 @@
----
-"openzeppelin-solidity": minor
----
-
-`Calldata`: Library with `emptyBytes` and `emptyString` functions to generate empty `bytes` and `string` calldata types.

.changeset/green-drinks-report.md

@@ -1,5 +0,0 @@
----
-"openzeppelin-solidity": minor
----
-
-`Pausable`: Stop explicitly setting `paused` to `false` during construction.

.changeset/long-walls-draw.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`IERC6909`: Add the interface for ERC-6909.

.changeset/pretty-lobsters-tan.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`GovernorProposalGuardian`: Add a governance extension that defines a proposal guardian who can cancel proposals at any stage in their lifecycle.

.changeset/proud-cooks-do.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`ERC6909Metadata`: Add an extension of ERC6909 which adds metadata functionality.

.changeset/seven-insects-taste.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': patch
----
-
-`ERC7579Utils`: Add ABI decoding checks on calldata bounds within `decodeBatch`

.changeset/sixty-tips-wink.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`EnumerableSet`: Add `clear` function to EnumerableSets which deletes all values in the set.

.changeset/ten-fishes-fold.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`IGovernor`: Add the `getProposalId` function to the governor interface.

.changeset/ten-hats-begin.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`ERC6909`: Add a standard implementation of ERC6909.

.changeset/ten-peas-mix.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': minor
----
-
-`Hashes`: Expose `efficientKeccak256` for hashing non-commutative pairs of bytes32 without allocating extra memory.

.changeset/thin-eels-cross.md

@@ -1,5 +0,0 @@
----
-'openzeppelin-solidity': patch
----
-
-`ERC4626`: Use the `asset` getter in `totalAssets`, `_deposit` and `_withdraw`.

CHANGELOG.md

@@ -1,13 +1,63 @@
 # Changelog
 
+## 5.3.0 (2025-04-09)
+
 ### Breaking Changes
 
 - Replace `GovernorCountingOverridable.VoteReceipt` struct parameter member names `hasOverriden` and `overridenWeight` for `hasOverridden` and `overriddenWeight` respectively.
 
 #### Custom error changes
 
-- Replace `GovernorAlreadyOverridenVote` with `GovernorAlreadyOverriddenVote`.
 - Replace `AccessControlNonRevokable` with `AccessControlNonRevocable`.
+- Replace `GovernorAlreadyOverridenVote` with `GovernorAlreadyOverriddenVote`.
+- Replace `GovernorOnlyProposer` with `GovernorUnableToCancel`.
+
+### Changes by category
+
+#### Account
+
+- `ERC4337Utils`: Update the `hash` function to call `getUserOpHash` on the specified entrypoint and add an `ENTRYPOINT_V08` constant. ([#5614](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5614))
+- `ERC7579Utils`: Add ABI decoding checks on calldata bounds within `decodeBatch`. ([#5371](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5371))
+- `ERC7579Utils`: Replace `address(0)` with `address(this)` during execution for calldata compression efficiency. ([#5614](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5614))
+
+#### Governance
+
+- `IGovernor`: Add the `getProposalId` function to the governor interface. ([#5290](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5290))
+- `GovernorProposalGuardian`: Add a governance extension that defines a proposal guardian who can cancel proposals at any stage in their lifecycle. ([#5303](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5303))
+- `GovernorSequentialProposalId`: Adds a `Governor` extension that sequentially numbers proposal ids instead of using the hash. ([#5290](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5290))
+- `GovernorSuperQuorum`: Add a governance extension to support a super quorum. Proposals that meet the super quorum (and have a majority of for votes) advance to the `Succeeded` state before the proposal deadline. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `GovernorVotesSuperQuorumFraction`: Add a variant of the `GovernorSuperQuorum` extensions where the super quorum is expressed as a fraction of the total supply. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `TimelockController`: Receive function is now virtual. ([#5509](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5509))
+
+#### Structures
+
+- `EnumerableSet`: Add `clear` function to EnumerableSets which deletes all values in the set. ([#5486](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5486))
+- `EnumerableMap`: Add `clear` function to EnumerableMaps which deletes all entries in the map. ([#5486](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5486))
+- `MerkleTree`: Add an update function that replaces a previously inserted leaf with a new value, updating the tree root along the way. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+
+#### Tokens
+
+- `ERC4626`: Use the `asset` getter in `totalAssets`, `_deposit` and `_withdraw`. ([#5322](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5322))
+- `IERC6909`: Add the interface for ERC-6909. ([#5343](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5343))
+- `ERC6909`: Add a standard implementation of ERC6909. ([#5394](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5394))
+- `ERC6909TokenSupply`: Add an extension of ERC6909 which tracks total supply for each token id. ([#5394](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5394))
+- `ERC6909Metadata`: Add an extension of ERC6909 which adds metadata functionality. ([#5394](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5394))
+- `ERC6909ContentURI`: Add an extension of ERC6909 which adds content URI functionality. ([#5394](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5394))
+- `SafeERC20`: Add `trySafeTransfer` and `trySafeTransferFrom` that do not revert and return false if the transfer is not successful. ([#5483](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5483))
+
+#### Other
+
+- `Address`: bubble up revert data on `sendValue` failed call. ([#5379](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5379))
+- `Calldata`: Library with `emptyBytes` and `emptyString` functions to generate empty `bytes` and `string` calldata types. ([#5422](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5422))
+- `ERC2771Forwarder`: Expose the `_isTrustedByTarget` internal function to check whether a target trusts the forwarder. ([#5416](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5416))
+- `Hashes`: Expose `efficientKeccak256` for hashing non-commutative pairs of bytes32 without allocating extra memory. ([#5442](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5442))
+- `Initializable`: Add `_initializableStorageSlot` function that returns a pointer to the storage struct. The function allows customizing with a custom storage slot with an `override`. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `Math`: Add `add512`, `mul512` and `mulShr`. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `Math`: Add saturating arithmetic operations `saturatingAdd`, `saturatingSub` and `saturatingMul`. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `MessageHashUtils`: Add `toDataWithIntendedValidatorHash(address, bytes32)`. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
+- `P256`: Adjust precompile detection in `verifyNative` to consider empty `returndata` on invalid verification. Previously, invalid signatures would've reverted with a `MissingPrecompile` error in chains with RIP-7212 support. ([#5620](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5620))
+- `Pausable`: Stop explicitly setting `paused` to `false` during construction. ([#5448](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5448))
+- `Strings`: Add `espaceJSON` that escapes special characters in JSON strings. ([#5526](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5526))
 
 ## 5.2.0 (2025-01-08)
 

contracts/access/AccessControl.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (access/AccessControl.sol)
 
 pragma solidity ^0.8.20;
 

contracts/access/IAccessControl.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (access/IAccessControl.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (access/IAccessControl.sol)
 
 pragma solidity ^0.8.20;
 

contracts/access/manager/AuthorityUtils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (access/manager/AuthorityUtils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (access/manager/AuthorityUtils.sol)
 
 pragma solidity ^0.8.20;
 
@@ -26,6 +26,10 @@ library AuthorityUtils {
             if staticcall(gas(), authority, add(data, 0x20), mload(data), 0x00, 0x40) {
                 immediate := mload(0x00)
                 delay := mload(0x20)
+
+                // If delay does not fit in a uint32, return 0 (no delay)
+                // equivalent to: if gt(delay, 0xFFFFFFFF) { delay := 0 }
+                delay := mul(delay, iszero(shr(32, delay)))
             }
         }
     }

contracts/account/utils/draft-ERC4337Utils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (account/utils/draft-ERC4337Utils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (account/utils/draft-ERC4337Utils.sol)
 
 pragma solidity ^0.8.20;
 

contracts/account/utils/draft-ERC7579Utils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (account/utils/draft-ERC7579Utils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (account/utils/draft-ERC7579Utils.sol)
 
 pragma solidity ^0.8.20;
 

contracts/finance/VestingWallet.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (finance/VestingWallet.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (finance/VestingWallet.sol)
 pragma solidity ^0.8.20;
 
 import {IERC20} from "../token/ERC20/IERC20.sol";

contracts/governance/Governor.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (governance/Governor.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/Governor.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/IGovernor.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/IGovernor.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/IGovernor.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/TimelockController.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (governance/TimelockController.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/TimelockController.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorCountingFractional.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/extensions/GovernorCountingFractional.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorCountingFractional.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorCountingOverridable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (governance/extensions/GovernorCountingOverridable.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorCountingOverridable.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorProposalGuardian.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorProposalGuardian.sol)
 pragma solidity ^0.8.20;
 
 import {Governor} from "../Governor.sol";

contracts/governance/extensions/GovernorSequentialProposalId.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorSequentialProposalId.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorStorage.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/extensions/GovernorStorage.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorStorage.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorSuperQuorum.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorSuperQuorum.sol)
 pragma solidity ^0.8.20;
 
 import {Governor} from "../Governor.sol";

contracts/governance/extensions/GovernorTimelockAccess.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/extensions/GovernorTimelockAccess.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorTimelockAccess.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorTimelockCompound.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/extensions/GovernorTimelockCompound.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorTimelockCompound.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorTimelockControl.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (governance/extensions/GovernorTimelockControl.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorTimelockControl.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorVotesQuorumFraction.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (governance/extensions/GovernorVotesQuorumFraction.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorVotesQuorumFraction.sol)
 
 pragma solidity ^0.8.20;
 

contracts/governance/extensions/GovernorVotesSuperQuorumFraction.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (governance/extensions/GovernorVotesSuperQuorumFraction.sol)
 pragma solidity ^0.8.20;
 
 import {Governor} from "../Governor.sol";
@@ -61,6 +62,7 @@ abstract contract GovernorVotesSuperQuorumFraction is GovernorVotesQuorumFractio
 
     /**
      * @dev Returns the super quorum for a `timepoint`, in terms of number of votes: `supply * numerator / denominator`.
+     * See {GovernorSuperQuorum-superQuorum} for more details.
      */
     function superQuorum(uint256 timepoint) public view virtual override returns (uint256) {
         return Math.mulDiv(token().getPastTotalSupply(timepoint), superQuorumNumerator(timepoint), quorumDenominator());

contracts/interfaces/IERC1271.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC1271.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (interfaces/IERC1271.sol)
 
 pragma solidity ^0.8.20;
 

contracts/interfaces/IERC4626.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC4626.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (interfaces/IERC4626.sol)
 
 pragma solidity ^0.8.20;
 

contracts/interfaces/draft-IERC4337.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (interfaces/draft-IERC4337.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (interfaces/draft-IERC4337.sol)
 
 pragma solidity ^0.8.20;
 

contracts/interfaces/draft-IERC6909.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (interfaces/draft-IERC6909.sol)
 
 pragma solidity ^0.8.20;
 
@@ -49,7 +50,8 @@ interface IERC6909 is IERC165 {
     function isOperator(address owner, address spender) external view returns (bool);
 
     /**
-     * @dev Sets an approval to `spender` for `amount` tokens of type `id` from the caller's tokens.
+     * @dev Sets an approval to `spender` for `amount` of tokens of type `id` from the caller's tokens. An `amount` of
+     * `type(uint256).max` signifies an unlimited approval.
      *
      * Must return true.
      */

contracts/interfaces/draft-IERC7579.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (interfaces/draft-IERC7579.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (interfaces/draft-IERC7579.sol)
 pragma solidity ^0.8.20;
 
 import {PackedUserOperation} from "./draft-IERC4337.sol";

contracts/metatx/ERC2771Forwarder.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (metatx/ERC2771Forwarder.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (metatx/ERC2771Forwarder.sol)
 
 pragma solidity ^0.8.20;
 

contracts/mocks/AuthorityMock.sol

@@ -12,7 +12,7 @@ contract NotAuthorityMock is IAuthority {
 }
 
 contract AuthorityNoDelayMock is IAuthority {
-    bool _immediate;
+    bool private _immediate;
 
     function canCall(
         address /* caller */,
@@ -28,14 +28,14 @@ contract AuthorityNoDelayMock is IAuthority {
 }
 
 contract AuthorityDelayMock {
-    bool _immediate;
-    uint32 _delay;
+    bool private _immediate;
+    uint256 private _delay;
 
     function canCall(
         address /* caller */,
         address /* target */,
         bytes4 /* selector */
-    ) external view returns (bool immediate, uint32 delay) {
+    ) external view returns (bool immediate, uint256 delay) {
         return (_immediate, _delay);
     }
 
@@ -43,7 +43,7 @@ contract AuthorityDelayMock {
         _immediate = immediate;
     }
 
-    function _setDelay(uint32 delay) external {
+    function _setDelay(uint256 delay) external {
         _delay = delay;
     }
 }

contracts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@openzeppelin/contracts",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "5.2.0",
+  "version": "5.3.0",
   "files": [
     "**/*.sol",
     "/build/contracts/*.json",

contracts/proxy/Clones.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (proxy/Clones.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (proxy/Clones.sol)
 
 pragma solidity ^0.8.20;
 

contracts/proxy/utils/Initializable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)
 
 pragma solidity ^0.8.20;
 

contracts/proxy/utils/UUPSUpgradeable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (proxy/utils/UUPSUpgradeable.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/UUPSUpgradeable.sol)
 
 pragma solidity ^0.8.22;
 

contracts/token/ERC1155/IERC1155.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC1155/IERC1155.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC1155/IERC1155.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC1155/utils/ERC1155Utils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC1155/utils/ERC1155Utils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC1155/utils/ERC1155Utils.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC20/ERC20.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (token/ERC20/ERC20.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/ERC20.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC20/extensions/ERC4626.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/ERC4626.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/extensions/ERC4626.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC20/extensions/draft-ERC20TemporaryApproval.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/extensions/draft-ERC20TemporaryApproval.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/extensions/draft-ERC20TemporaryApproval.sol)
 
 pragma solidity ^0.8.24;
 

contracts/token/ERC20/utils/SafeERC20.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (token/ERC20/utils/SafeERC20.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/utils/SafeERC20.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC6909/draft-ERC6909.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC6909/draft-ERC6909.sol)
 
 pragma solidity ^0.8.20;
 
@@ -79,7 +80,7 @@ contract ERC6909 is Context, ERC165, IERC6909 {
 
     /**
      * @dev Creates `amount` of token `id` and assigns them to `account`, by transferring it from address(0).
-     * Relies on the `_update` mechanism
+     * Relies on the `_update` mechanism.
      *
      * Emits a {Transfer} event with `from` set to the zero address.
      *
@@ -93,10 +94,9 @@ contract ERC6909 is Context, ERC165, IERC6909 {
     }
 
     /**
-     * @dev Moves `amount` of token `id` from `from` to `to` without checking for approvals.
-     *
-     * This internal function is equivalent to {transfer}, and can be used to
-     * e.g. implement automatic token fees, slashing mechanisms, etc.
+     * @dev Moves `amount` of token `id` from `from` to `to` without checking for approvals. This function verifies
+     * that neither the sender nor the receiver are address(0), which means it cannot mint or burn tokens.
+     * Relies on the `_update` mechanism.
      *
      * Emits a {Transfer} event.
      *

contracts/token/ERC6909/extensions/draft-ERC6909ContentURI.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC6909/extensions/draft-ERC6909ContentURI.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC6909/extensions/draft-ERC6909Metadata.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC6909/extensions/draft-ERC6909Metadata.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC6909/extensions/draft-ERC6909TokenSupply.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC6909/extensions/draft-ERC6909TokenSupply.sol)
 
 pragma solidity ^0.8.20;
 
@@ -26,7 +27,7 @@ contract ERC6909TokenSupply is ERC6909, IERC6909TokenSupply {
         }
         if (to == address(0)) {
             unchecked {
-                // amount <= _balances[id][from] <= _totalSupplies[id]
+                // amount <= _balances[from][id] <= _totalSupplies[id]
                 _totalSupplies[id] -= amount;
             }
         }

contracts/token/ERC721/extensions/ERC721Consecutive.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC721/extensions/ERC721Consecutive.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC721/extensions/ERC721Consecutive.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC721/extensions/ERC721URIStorage.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC721/extensions/ERC721URIStorage.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC721/extensions/ERC721URIStorage.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/ERC721/utils/ERC721Utils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC721/utils/ERC721Utils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC721/utils/ERC721Utils.sol)
 
 pragma solidity ^0.8.20;
 

contracts/token/common/ERC2981.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (token/common/ERC2981.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (token/common/ERC2981.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/Arrays.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/Arrays.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/Arrays.sol)
 // This file was procedurally generated from scripts/generate/templates/Arrays.js.
 
 pragma solidity ^0.8.20;

contracts/utils/Calldata.sol

@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/Calldata.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/Multicall.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.1) (utils/Multicall.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/Multicall.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/Pausable.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/ReentrancyGuardTransient.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/ReentrancyGuardTransient.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/ReentrancyGuardTransient.sol)
 
 pragma solidity ^0.8.24;
 

contracts/utils/ShortStrings.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/ShortStrings.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/ShortStrings.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/SlotDerivation.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/SlotDerivation.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/SlotDerivation.sol)
 // This file was procedurally generated from scripts/generate/templates/SlotDerivation.js.
 
 pragma solidity ^0.8.20;

contracts/utils/Strings.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.2.0) (utils/Strings.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/Strings.sol)
 
 pragma solidity ^0.8.20;
 
@@ -438,6 +438,10 @@ library Strings {
      * @dev Escape special characters in JSON strings. This can be useful to prevent JSON injection in NFT metadata.
      *
      * WARNING: This function should only be used in double quoted JSON strings. Single quotes are not escaped.
+     *
+     * NOTE: This function escapes all unicode characters, and not just the ones in ranges defined in section 2.5 of
+     * RFC-4627 (U+0000 to U+001F, U+0022 and U+005C). ECMAScript's `JSON.parse` does recover escaped unicode
+     * characters that are not in this range, but other tooling may provide different results.
      */
     function escapeJSON(string memory input) internal pure returns (string memory) {
         bytes memory buffer = bytes(input);

contracts/utils/TransientSlot.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/TransientSlot.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/TransientSlot.sol)
 // This file was procedurally generated from scripts/generate/templates/TransientSlot.js.
 
 pragma solidity ^0.8.24;

contracts/utils/cryptography/EIP712.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/EIP712.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/EIP712.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/cryptography/Hashes.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/Hashes.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/Hashes.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/cryptography/MessageHashUtils.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/MessageHashUtils.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/MessageHashUtils.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/cryptography/P256.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/P256.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/cryptography/P256.sol)
 pragma solidity ^0.8.20;
 
 import {Math} from "../math/Math.sol";

contracts/utils/math/Math.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/Math.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/math/Math.sol)
 
 pragma solidity ^0.8.20;
 

contracts/utils/structs/Checkpoints.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/Checkpoints.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/Checkpoints.sol)
 // This file was procedurally generated from scripts/generate/templates/Checkpoints.js.
 
 pragma solidity ^0.8.20;

contracts/utils/structs/CircularBuffer.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/CircularBuffer.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/CircularBuffer.sol)
 pragma solidity ^0.8.20;
 
 import {Math} from "../math/Math.sol";

contracts/utils/structs/EnumerableMap.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/EnumerableMap.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/EnumerableMap.sol)
 // This file was procedurally generated from scripts/generate/templates/EnumerableMap.js.
 
 pragma solidity ^0.8.20;

contracts/utils/structs/EnumerableSet.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/EnumerableSet.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/EnumerableSet.sol)
 // This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
 
 pragma solidity ^0.8.20;

contracts/utils/structs/MerkleTree.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-// OpenZeppelin Contracts (last updated v5.1.0) (utils/structs/MerkleTree.sol)
+// OpenZeppelin Contracts (last updated v5.3.0) (utils/structs/MerkleTree.sol)
 
 pragma solidity ^0.8.20;
 
@@ -178,7 +178,7 @@ library MerkleTree {
      * root (before the update) and "new" root (after the update). The caller must verify that the reconstructed old
      * root is the last known one.
      *
-     * The `proof` must be an up-to-date inclusion proof for the leaf being update. This means that this function is
+     * The `proof` must be an up-to-date inclusion proof for the leaf being updated. This means that this function is
      * vulnerable to front-running. Any {push} or {update} operation (that changes the root of the tree) would render
      * all "in flight" updates invalid.
      *

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "openzeppelin-solidity",
-  "version": "5.2.0",
+  "version": "5.3.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "openzeppelin-solidity",
-      "version": "5.2.0",
+      "version": "5.3.0",
       "license": "MIT",
       "devDependencies": {
         "@changesets/changelog-github": "^0.5.0",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "openzeppelin-solidity",
   "description": "Secure Smart Contract library for Solidity",
-  "version": "5.2.0",
+  "version": "5.3.0",
   "private": true,
   "files": [
     "/contracts/**/*.sol",

test/access/manager/AuthorityUtils.test.js

@@ -2,6 +2,8 @@ const { ethers } = require('hardhat');
 const { expect } = require('chai');
 const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers');
 
+const { MAX_UINT32, MAX_UINT64 } = require('../../helpers/constants');
+
 async function fixture() {
   const [user, other] = await ethers.getSigners();
 
@@ -70,7 +72,7 @@ describe('AuthorityUtils', function () {
       });
 
       for (const immediate of [true, false]) {
-        for (const delay of [0n, 42n]) {
+        for (const delay of [0n, 42n, MAX_UINT32]) {
           it(`returns (immediate=${immediate}, delay=${delay})`, async function () {
             await this.authority._setImmediate(immediate);
             await this.authority._setDelay(delay);
@@ -80,6 +82,14 @@ describe('AuthorityUtils', function () {
           });
         }
       }
+
+      it('out of bound delay', async function () {
+        await this.authority._setImmediate(false);
+        await this.authority._setDelay(MAX_UINT64); // bigger than the expected uint32
+        const result = await this.mock.$canCallWithDelay(this.authority, this.user, this.other, '0x12345678');
+        expect(result.immediate).to.equal(false);
+        expect(result.delay).to.equal(0n);
+      });
     });
 
     describe('when authority replies with empty data', function () {

test/helpers/constants.js

@@ -1,4 +1,5 @@
 module.exports = {
+  MAX_UINT32: 2n ** 32n - 1n,
   MAX_UINT48: 2n ** 48n - 1n,
   MAX_UINT64: 2n ** 64n - 1n,
 };