From 7ad945390ccb8e828f98694991790a4be90194ca Mon Sep 17 00:00:00 2001
From: lance <37203010+lancelaii@users.noreply.github.com>
Date: Wed, 27 Sep 2023 12:26:56 +0800
Subject: [PATCH 1/2] Create security.yml

---
 .github/workflows/security.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/security.yml

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..06bd6a3
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,32 @@
+name: Slither Analysis
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ analyze:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Run Slither
+ uses: crytic/slither-action@v0.3.0
+ id: slither
+ with:
+ target: 'contracts/'
+ node-version: 16
+ sarif: results.sarif
+ fail-on: none
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.slither.outputs.sarif }}
From dd4f2e8639aff57f44f3a7d578d9d4dbdf994eb9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Sep 2023 04:27:21 +0000
Subject: [PATCH 2/2] Bump @openzeppelin/contracts-upgradeable from 4.9.0 to 4.9.3

Bumps [@openzeppelin/contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) from 4.9.0 to 4.9.3.
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v4.9.3/CHANGELOG.md)
- [Commits](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/compare/v4.9.0...v4.9.3)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts-upgradeable"
  dependency-type: direct:production
...
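Review bot: The `permissions` block of the `analyze` job grants `packages: write`, which none of the three steps uses — checkout needs `contents: read` and upload-sarif needs `security-events: write` — so the job token is broader than least privilege requires; trim the block to `permissions:` / `contents: read` / `security-events: write`. The actions are referenced by mutable tags (`actions/checkout@v3`, `crytic/slither-action@v0.3.0`, `github/codeql-action/upload-sarif@v2`); pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, protects this pipeline from a tag being moved upstream. `fail-on: none` means Slither findings never fail the check and surface only through the SARIF upload in code scanning, which is a legitimate choice for a first rollout but deserves a comment such as `# fail-on: none — findings are reported via code scanning, not as a failed check` so it is not later read as an oversight.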
Signed-off-by: dependabot[bot]
---
 package-lock.json | 14 +++++++-------
 package.json | 2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6ecca31..d56ebe5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
 "license": "ISC",
 "dependencies": {
 "@openzeppelin/contracts": "^4.9.0",
- "@openzeppelin/contracts-upgradeable": "^4.9.0",
+ "@openzeppelin/contracts-upgradeable": "^4.9.3",
 "@openzeppelin/hardhat-upgrades": "^1.27.0"
 },
 "devDependencies": {
@@ -1628,9 +1628,9 @@
 "integrity": "sha512-DUP74AFGKlic2sQb/CmgrN2aUPMFGxRrmCTUxLHsiU2RzwWqVuMPZBxiAyvlff6Pea77uylAX6B5x9W6evEbhA=="
 },
 "node_modules/@openzeppelin/contracts-upgradeable": {
- "version": "4.9.0",
- "resolved": "https://registry.npmjs.org/@openzeppelin/contracts-upgradeable/-/contracts-upgradeable-4.9.0.tgz",
- "integrity": "sha512-+6i2j6vr2fdudTqkBvG+UOosankukxYzg3WN1nqU7ijjQ5A4osWaD3ip6CEz6YvDoSdZgcFVZoiGr7zRlUUoZw=="
+ "version": "4.9.3",
+ "resolved": "https://registry.npmjs.org/@openzeppelin/contracts-upgradeable/-/contracts-upgradeable-4.9.3.tgz",
+ "integrity": "sha512-jjaHAVRMrE4UuZNfDwjlLGDxTHWIOwTJS2ldnc278a0gevfXfPr8hxKEVBGFBE96kl2G3VHDZhUimw/+G3TG2A=="
 },
 "node_modules/@openzeppelin/hardhat-upgrades": {
 "version": "1.27.0",
@@ -10560,9 +10560,9 @@
 "integrity": "sha512-DUP74AFGKlic2sQb/CmgrN2aUPMFGxRrmCTUxLHsiU2RzwWqVuMPZBxiAyvlff6Pea77uylAX6B5x9W6evEbhA=="
 },
 "@openzeppelin/contracts-upgradeable": {
- "version": "4.9.0",
- "resolved": "https://registry.npmjs.org/@openzeppelin/contracts-upgradeable/-/contracts-upgradeable-4.9.0.tgz",
- "integrity": "sha512-+6i2j6vr2fdudTqkBvG+UOosankukxYzg3WN1nqU7ijjQ5A4osWaD3ip6CEz6YvDoSdZgcFVZoiGr7zRlUUoZw=="
+ "version": "4.9.3",
+ "resolved": "https://registry.npmjs.org/@openzeppelin/contracts-upgradeable/-/contracts-upgradeable-4.9.3.tgz",
+ "integrity": "sha512-jjaHAVRMrE4UuZNfDwjlLGDxTHWIOwTJS2ldnc278a0gevfXfPr8hxKEVBGFBE96kl2G3VHDZhUimw/+G3TG2A=="
 },
 "@openzeppelin/hardhat-upgrades": {
 "version": "1.27.0",
diff --git a/package.json b/package.json
index 9fc6cc5..b4f4ec7 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 },
 "dependencies": {
 "@openzeppelin/contracts": "^4.9.0",
- "@openzeppelin/contracts-upgradeable": "^4.9.0",
+ "@openzeppelin/contracts-upgradeable": "^4.9.3",
 "@openzeppelin/hardhat-upgrades": "^1.27.0"
 }
 }