chore(deps): bump actions/checkout from 4 to 6 by dependabot[bot] · Pull Request #128 · TrustSignal-dev/TrustSignal

dependabot · 2026-04-19T12:32:32Z

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

… references in user-facing docs

Ensure critical fraud-prevention and policy text remains visible on small screens by tightening overflow and wrap rules. Increase dark-surface label/footnote font floors and contrast to reduce misread risk for security-relevant claims and disclosures.

…ce docs Security: adds schema-validated integration payloads to reduce ingestion ambiguity and keeps restrictive proprietary licensing to prevent unauthorized redistribution.

Add partnership collateral, demo UI, and webhook simulation scripts for the 2026-03-06 Vanta integration call. Security: add strict HTTP security headers in vercel.api.json and reduce dependency attack surface by removing unused PDF and desktop notifier packages from production web dependencies.

Remove the Deed_Shield git submodule from repository tracking and clean up stale documentation references to the old submodule layout. Security: reduces repository complexity and eliminates stale path references that could cause incorrect operational/security evidence mapping during audits.

chore(security): bump Fastify to 5.8.1 to remediate CVE-2026-3419

feat: complete MVP10 registry hardening artifacts

chore(governance): import db security docs and validation tests

Bumps [fastify-rate-limit](https://github.com/fastify/fastify-rate-limit) from 5.8.0 to 5.9.0. - [Release notes](https://github.com/fastify/fastify-rate-limit/releases) - [Commits](https://github.com/fastify/fastify-rate-limit/commits) --- updated-dependencies: - dependency-name: fastify-rate-limit dependency-version: 5.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>

Bumps [dotenv](https://github.com/motdotla/dotenv) from 17.2.3 to 17.4.2. - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.3...v17.4.2) --- updated-dependencies: - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>

Bumps [jsdom](https://github.com/jsdom/jsdom) from 26.1.0 to 29.1.1. - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v26.1.0...v29.1.1) --- updated-dependencies: - dependency-name: jsdom dependency-version: 29.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>

Bumps the cargo group with 1 update in the /circuits/non_mem_gadget directory: [rand](https://github.com/rust-random/rand). Updates `rand` from 0.8.5 to 0.8.6 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...0.8.6) --- updated-dependencies: - dependency-name: rand dependency-version: 0.8.6 dependency-type: indirect dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>

* chore(deps): bump actions/setup-node from 4 to 6 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci: unblock PR checks by hardening review and consistency gates * ci: use node 20.20.2 and localize repo-consistency scans --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chris <chris@chriss-MacBook-Neo.local> Co-authored-by: chrismaz11 <chrismaz11@me.com>

chrismaz11 added 30 commits March 2, 2026 17:30

Merge branch 'master' into work

79f32e9

docs(rebrand): standardize on TrustSignal brand, deprecate DeedShield…

1139f38

… references in user-facing docs

Add landing pricing and CTA

58cee75

Fix CSS overflow and contrast

3f7bd7e

chore: remove committed log file

1d42a5b

feat(integrations): add Vanta-ready API outputs and compliance eviden…

db288a2

…ce docs Security: adds schema-validated integration payloads to reduce ingestion ambiguity and keeps restrictive proprietary licensing to prevent unauthorized redistribution.

fix(api): secure Vercel subdomain runtime and fail safely on missing DB

0b24db6

feat(api): enforce primary-source registry guardrails

00264c3

chore(security): bump fastify to 5.8.1 across workspaces

18acb71

Merge pull request #7 from chrismaz11/cm/feature/vanta-integration-demo

86996b9

chore(security): bump Fastify to 5.8.1 to remediate CVE-2026-3419

feat: mvp10 registries

e6b1d1e

feat: mvp10 registries

1182ad6

chore: add primary-source guardrails and fail-closed registry artifacts

227a55c

Merge pull request #8 from chrismaz11/cm/feature/vanta-integration-demo

c5917bd

feat: complete MVP10 registry hardening artifacts

chore: consolidate test roots and refresh blockers

cf86dc1

chore(governance): import db security docs and validation tests

ffe7d73

Merge pull request #9 from chrismaz11/chore/governance-cherrypick

f12f6c7

chore(governance): import db security docs and validation tests

docs: import passive inspector and operational training manuals

331981c

halo2

95c87ba

Add Codex guardrails and compliance CI checks

227dc09

test(zkp): align external prover fixture with ndjson protocol

10f6894

docs(governance): capture green checks and approval-gated merge status

f6d2057

docs(governance): update evidence to latest passing PR run

566b8b5

chore(governance): consolidate verified controls onto halo2 baseline

406a6ce

fix(ci): unblock actions with license-free scans and rust test repair

f5ec156

fix(test): make CI independent of optional db and ezkl bindings

83942d4

fix(test): stabilize legacy route auth coverage in CI

34fb98f

chrismaz11 dismissed their stale review via 8b8fe06 May 10, 2026 14:57

chrismaz11 previously approved these changes May 10, 2026

View reviewed changes