Upgrading OpenZeppelin contracts-upgradeable from v5.x to v5.y

Hello,

I am currently using contracts and contracts-upgradeable v5.0.2 and want to update to the latest v5.3.0 version in order to use EnumerableMap.Bytes32ToAddressMap from v5.1.0.

What are the risks from this update?

I understand storage derivation has not changed, as they both use the same EIP-7201 namespaces, which could be the most troublesome. I have also read the list of breaking changes, from patch to patch, and it seems they are mostly related to Governor, custom error identifiers, and some minor ERC1967Utils event refactors. My contracts do not rely on the first two, and the ERC1967Utils refactors seem very small.

What should I pay attention to? Is there a reference guide on how to do this upgrade? Thinking from semver alone, I wouldn't be worried, but as these contracts are the cornerstone of my upgradeable proxy system, I'd rather be on the safer side.

Hey @aviggiano, also answering here with more formal details!

We do use Semver to communicate changes to the contracts API and storage layout. This info can be found in our Backwards Compatibility Section, so it's safe to upgrade from any 5.x to a higher 5.y one.

Each release is audited, including diffs so the ERC1967Utils refactor did go through auditors at OpenZeppelin as well.

What should I pay attention to?

For a more comprehensive response to this, I would suggest taking a look to our Upgrades Plugins documentation. We have a couple of guides that describe what to pay attention to when working with upgradeable contracts, as well as detailed explanations of the proxy upgradeability pattern

Best!