Fix missing dependency for get-versioned-remappings

[ericglau]

Fixes #734

Packages a openzeppelin-contracts-version.json into the NPM package containing only the version field, instead of using a larger JSON file which was intended for the UI only (and which was missing from the NPM package).

Also adds a packaging test to ensure the package import works.

[coderabbitai]

Walkthrough

This PR fixes a module resolution error in the published package by extracting the version information from the monolithic OpenZeppelin contracts JSON file into a separate, minimal version-only JSON file and TypeScript declarations. It updates the versioned remappings to source the version from this new file, adds it to package metadata, and includes a test validating the packaged module installation.

Changes

Cohort / File(s)	Change Summary
Release metadata .changeset/clear-hoops-joke.md	Adds a patch changeset for @openzeppelin/wizard documenting the fix for missing dependency in get-versioned-remappings.
Package configuration packages/core/solidity/package.json	Adds openzeppelin-contracts-version.json and openzeppelin-contracts-version.d.ts to the files array for NPM distribution.
Git configuration packages/core/solidity/.gitignore	Adds /openzeppelin-contracts-version.json to ignored files alongside the existing /openzeppelin-contracts.json.
Version artifact declarations packages/core/solidity/openzeppelin-contracts-version.d.ts	Introduces TypeScript declarations with OpenZeppelinContractsVersion interface containing a version string property and exports contractsVersion constant.
Build script packages/core/solidity/src/scripts/prepare.ts	Extends prepare script to generate openzeppelin-contracts-version.json file containing only the version field, alongside the existing contracts JSON.
Import source packages/core/solidity/src/get-versioned-remappings.ts	Updates version import source from ../openzeppelin-contracts to ../openzeppelin-contracts-version, using contractsVersion.version in remapping strings.
Package integration test packages/core/solidity/src/package.test.ts	Adds new test validating end-to-end package packing, installation, and module import functionality.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Most changes are straightforward configuration and build setup updates
• Import/export refactoring is mechanical
• New test follows a clear, linear pattern (pack → install → verify)
• Primary attention areas:
  • Verify the prepare script correctly generates the minimal version JSON
  • Confirm the test adequately validates the packaged installation scenario
  • Ensure TypeScript declarations align with the runtime JSON structure

Possibly related PRs

• Add Solidity Wizard API function to get versioned remappings #724: Introduced the initial get-versioned-remappings import change, which this PR fixes by creating the missing version artifact that PR expected to exist.
• Prepare Release #729: Addresses the same API surface around versioned remappings and package metadata, sharing the version artifact concern.

Suggested reviewers

• CoveMB

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: fixing a missing dependency by packaging a minimal version JSON file instead of the full OpenZeppelin contracts JSON.
Linked Issues check	✅ Passed	The PR fulfills all requirements from issue #734: creates minimal version JSON, adds TypeScript declarations, updates get-versioned-remappings to use the new file, includes files in package.json, adds packaging test, and includes a changeset.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the missing dependency issue: new version file generation, TypeScript declarations, updated imports, package.json configuration, and test coverage—no extraneous modifications detected.
Description check	✅ Passed	The PR description clearly explains the issue being fixed (GitHub issue #734) and details the solution: packaging a minimal openzeppelin-contracts-version.json file and adding tests.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​nomicfoundation/​hardhat-toolbox@​6.1.0
	hardhat@​2.26.5

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• has-flag@3.0.0
• chalk@2.4.2
• optionator@0.8.3
• ansi-styles@3.2.1
• supports-color@5.5.0
• color-convert@1.9.3
• color-name@1.1.3
• which@1.3.1
• json5@2.2.3
• prompts@2.4.2
• resolve@1.1.7
• kleur@3.0.3
• sisteransi@1.0.5
• combined-stream@1.0.8
• json-stringify-safe@5.0.1
• delayed-stream@1.0.0
• asynckit@0.4.0
• kind-of@6.0.3
• repeat-string@1.6.1
• fs-extra@9.1.0
• require-from-string@2.0.2
• split2@3.2.2
• at-least-node@1.0.0
• deep-extend@0.6.0
• lodash.camelcase@4.3.0
• @types/minimatch@5.1.2
• ini@1.3.8
• neo-async@2.6.2
• cbor@8.1.0
• utf8@3.0.0
• heap@0.2.7
• glob@7.1.7
• lodash.truncate@4.4.2
• astral-regex@2.0.0
• charenc@0.0.2
• crypt@0.0.2
• interpret@1.4.0
• proxy-from-env@1.1.0
• rechoir@0.6.2
• shelljs@0.8.5
• wordwrap@1.0.0
• @types/glob@7.2.0
• difflib@0.2.4
• through2@4.0.2
• @types/prettier@2.7.3
• global-modules@2.0.0
• global-prefix@3.0.0
• create-hash@1.2.0
• create-hmac@1.1.7
• browserify-aes@1.2.0
• evp_bytestokey@1.0.3
• buffer-xor@1.0.3
• md5.js@1.3.5
• ripemd160@2.0.2
• hash-base@3.1.0
• lodash.clonedeep@4.5.0
• node-emoji@1.11.0
• assertion-error@1.1.0
• pathval@1.1.1
• bs58@4.0.1
• @noble/secp256k1@1.7.1
• async@1.5.2
• glob@5.0.15
• esprima@2.7.3
• amdefine@1.0.1
• bn.js@4.11.6
• blakejs@1.2.1
• @noble/hashes@1.3.2
• scrypt-js@3.0.1
• is-hex-prefixed@1.0.0
• escodegen@1.8.1
• has-flag@1.0.0
• source-map@0.2.0
• supports-color@3.2.3
• bs58check@2.1.2
• ethereum-cryptography@0.1.3
• ethereumjs-util@7.1.5
• rlp@2.2.7
• strip-hex-prefix@1.0.0
• @ethereumjs/rlp@4.0.1
• @noble/hashes@1.2.0
• ethereum-cryptography@1.2.0
• @ethereumjs/util@8.1.0
• @scure/bip32@1.1.5
• @scure/bip39@1.1.1
• @ethersproject/address@5.6.1
• create-hash@1.1.3
• ethjs-unit@0.1.6
• lodash.isequal@4.5.0
• micro-ftch@0.3.1
• number-to-bn@1.7.0
• recursive-readdir@2.2.3
• node-addon-api@5.1.0
• handlebars@4.7.8
• markdown-table@2.0.0
• array-back@3.1.0
• array-back@4.0.2
• command-line-args@5.2.1
• command-line-usage@6.1.3
• find-replace@3.0.0
• reduce-flatten@2.0.0
• table-layout@1.0.2
• ts-essentials@7.0.3
• typical@4.0.0
• typical@5.2.0
• wordwrapjs@4.0.1
• check-error@1.0.3
• get-func-name@2.0.2
• sha1@1.1.1
• ndjson@2.0.0
• aes-js@4.0.0-beta.5
• death@1.1.0
• ghost-testrpc@0.0.2
• ordinal@1.0.3
• sc-istanbul@0.4.6
• string-format@2.0.0
• immer@10.0.2
• loupe@2.3.7
• ripemd160@2.0.1
• hash-base@2.0.2
• ts-command-line-args@2.5.1
• typechain@8.3.2
• @typechain/ethers-v6@0.5.1
• @typechain/hardhat@9.1.0
• @types/chai-as-promised@7.1.8
• @types/pbkdf2@3.1.2
• @types/secp256k1@4.0.6
• brotli-wasm@2.0.1
• cbor@9.0.2
• web3-utils@1.10.4
• chai-as-promised@7.1.2
• cli-table3@0.6.5
• deep-eql@4.1.4
• ws@8.17.1
• ajv@8.17.1
• type-detect@4.1.0
• chai@4.5.0
• ethereum-bloom-filters@1.2.0
• undici-types@6.19.8
• tslib@2.7.0
• uglify-js@3.19.3
• @adraffy/ens-normalize@1.11.0
• @types/chai@4.3.20
• secp256k1@4.0.4
• @types/mocha@10.0.10
• cipher-base@1.0.6
• table@6.9.0
• typed-array-buffer@1.0.3
• abitype@1.0.8
• es-set-tostringtag@2.1.0
• jsonschema@1.5.0
• fast-uri@3.0.6
• base-x@3.0.11
• ws@8.18.2
• solidity-coverage@0.8.16
• isows@1.0.7
• hardhat-gas-reporter@2.3.0
• @types/bn.js@5.2.0
• to-buffer@1.2.1
• pbkdf2@3.1.3
• sha.js@2.4.12
• ethers@6.15.0
• form-data@4.0.4
• @nomicfoundation/hardhat-chai-matchers@2.1.0
• @nomicfoundation/hardhat-ethers@3.1.0
• @nomicfoundation/hardhat-network-helpers@1.1.0
• @nomicfoundation/hardhat-ignition@0.15.13
• @nomicfoundation/hardhat-ignition-ethers@0.15.14
• @nomicfoundation/ignition-core@0.15.13
• @nomicfoundation/ignition-ui@0.15.12
• @nomicfoundation/hardhat-toolbox@6.1.0
• @solidity-parser/parser@0.20.2
• axios@1.11.0
• ox@0.8.6
• @nomicfoundation/hardhat-verify@2.1.1
• viem@2.33.3
• hardhat@2.26.5
• json-schema-traverse@1.0.0
• isarray@2.0.5
• levn@0.3.0
• prelude-ls@1.1.2
• type-check@0.3.2
• globby@10.0.2
• eventemitter3@5.0.1
• slice-ansi@4.0.0
• mkdirp@1.0.4
• estraverse@1.9.3
• @types/node@22.7.5
• nopt@3.0.6
• abbrev@1.0.9
• @noble/curves@1.2.0
• @noble/curves@1.9.6
• @noble/curves@1.9.2
• tinyglobby@0.2.15

View full report

[ericglau]

@SocketSecurity ignore-all
Unrelated to this PR.