Bump solidity-coverage from 0.7.21 to 0.8.0

[dependabot]

Bumps solidity-coverage from 0.7.21 to 0.8.0.

Release notes

Sourced from solidity-coverage's releases.

0.8.0

Hi!

⚠️ This version requires Hardhat >= 2.11.0 (Ethereum Merge)

New Features

A central focus of the 0.8.0 release is improving the coverage tool's branch detection.

Beginning with this version the following syntax is measured as a branch:

OR conditions

When a logical expression is composed with the || operator, both sides can be considered branches. To test the entire expression

if (a == 1 || a == 2)

... a must equal 1, 2 and neither of those values. (Thanks to Gnosis engineer @​rmeissner for proposing this in #175)

Ternary Conditionals

Long ago, when Solidity was 0.4, solidity-coverage treated ternary conditionals like regular if/else statements. Some language improvements v0.5 subsequently made this impossible. Now it's back...

Modifier Invocations

Solidity-coverage already covers the code within modifier definitions. However, each modifier invocation at the function level should really be considered its own branch. Some of the most critical logic in Solidity contracts is handled this way (ex: onlyOwner). Testing the pass/fail cases for each occurrence of these gates protects you from accidentally removing them during a refactor.

Because it's possible to write a modifier which performs a preparatory task and never reverts, there's a new option (modifierWhitelist) which allows you to exclude specific modifiers from branch measurement.

And if you don't like modifier invocation coverage you can turn it off by setting the option measureModifierCoverage to false.

(Many thanks to OpenZeppelin engineer @​nventuro for proposing this improvement in #286 and helping to design it.)

Test Matrix

The hardhat and truffle plugins support a new cli flag: --matrix. (Short for "test matrix".)

This flag generates a JSON object that maps which tests in your suite hit which lines of code. (An example can be seen at [docs/matrix.md][1]. More info can be found in the [advanced docs, here][2].)

This data is useful for many advanced testing applications - Security researcher @​joranhonig has written two that are worth checking out.

• [vertigo][3]: a mutation testing framework
• [tarantula][4]: a fault localization tool

Coverage is often a core component of fuzzing and generative test strategies because it helps narrow the range of inputs required to traverse every path in the code. If you're working on applications like this and have ideas for how solidity-coverage might serve your ends, please feel free to open an issue.

... (truncated)

Changelog

Sourced from solidity-coverage's changelog.

0.8.0 / 2022-09-05

• See release notes at: https://github.com/sc-forks/solidity-coverage/releases/tag/v0.8.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #710.