chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5#154
dependabot[bot] wants to merge 197 commits into
Conversation
… references in user-facing docs
Ensure critical fraud-prevention and policy text remains visible on small screens by tightening overflow and wrap rules. Increase dark-surface label/footnote font floors and contrast to reduce misread risk for security-relevant claims and disclosures.
…ce docs Security: adds schema-validated integration payloads to reduce ingestion ambiguity and keeps restrictive proprietary licensing to prevent unauthorized redistribution.
Add partnership collateral, demo UI, and webhook simulation scripts for the 2026-03-06 Vanta integration call. Security: add strict HTTP security headers in vercel.api.json and reduce dependency attack surface by removing unused PDF and desktop notifier packages from production web dependencies.
Remove the Deed_Shield git submodule from repository tracking and clean up stale documentation references to the old submodule layout. Security: reduces repository complexity and eliminates stale path references that could cause incorrect operational/security evidence mapping during audits.
chore(security): bump Fastify to 5.8.1 to remediate CVE-2026-3419
feat: complete MVP10 registry hardening artifacts
chore(governance): import db security docs and validation tests
plans.md, PROJECT_PLAN.md, DECISIONS.md, BLOCKED.md, TASKS.md All safely stored in TrustSignal-dev/trustsignal-internal (private). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the /apps/api directory: [fastify](https://github.com/fastify/fastify). Updates `fastify` from 5.8.3 to 5.8.5 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.8.3...v5.8.5) --- updated-dependencies: - dependency-name: fastify dependency-version: 5.8.5 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
- Fix: Make touchApiKey non-blocking in API key validation (was causing 503 errors)
- Add: Comprehensive Polygon Amoy anchoring runbook with deployment guide
- Add: Quick reference guide for troubleshooting and common operations
- Add: Hardened backend signer bootstrap script (no MetaMask required)
- Add: Setup validation script for Polygon Amoy testnet
- Add: Ops documentation for no-MetaMask production setup
Changes:
- AnchorRegistry deployed to 0x5aFDfeE3422525543D1e95009e0DCb2b1b385997 on Amoy
- Funded signer: 0x1B9829f8B82DBE8054eF6496499aB28f671af862 (~99.99 POL)
- RLS disabled on public.api_keys table to fix production key lookups
- API key validation now non-blocking for audit updates
Verification:
- Contract deployed and verified on-chain
- Signer wallet funded and ready
- Production secrets configured in Vercel
- Database health check passing
- Full end-to-end test documented
…apps/api/npm_and_yarn-dd6aeadc3f chore(deps): bump fastify from 5.8.3 to 5.8.5 in /apps/api in the npm_and_yarn group across 1 directory
…oup across 1 directory (#147) * chore(deps): bump fast-uri in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [fast-uri](https://github.com/fastify/fast-uri). Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ci: unblock PR checks by hardening review and consistency gates * ci: use node 20.20.2 and localize repo-consistency scans --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chris <chris@chriss-MacBook-Neo.local>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...68bde55) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>
…m_and_yarn group across 1 directory (#146) * chore(deps): bump fast-uri Bumps the npm_and_yarn group with 1 update in the /apps/api directory: [fast-uri](https://github.com/fastify/fast-uri). Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> * ci: unblock PR checks by hardening review and consistency gates * ci: use node 20.20.2 and localize repo-consistency scans --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chris <chris@chriss-MacBook-Neo.local> Co-authored-by: chrismaz11 <chrismaz11@me.com>
Bumps [fastify-rate-limit](https://github.com/fastify/fastify-rate-limit) from 5.8.0 to 5.9.0. - [Release notes](https://github.com/fastify/fastify-rate-limit/releases) - [Commits](https://github.com/fastify/fastify-rate-limit/commits) --- updated-dependencies: - dependency-name: fastify-rate-limit dependency-version: 5.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>
Bumps [dotenv](https://github.com/motdotla/dotenv) from 17.2.3 to 17.4.2. - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.3...v17.4.2) --- updated-dependencies: - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>
Bumps [jsdom](https://github.com/jsdom/jsdom) from 26.1.0 to 29.1.1. - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v26.1.0...v29.1.1) --- updated-dependencies: - dependency-name: jsdom dependency-version: 29.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>
Bumps the cargo group with 1 update in the /circuits/non_mem_gadget directory: [rand](https://github.com/rust-random/rand). Updates `rand` from 0.8.5 to 0.8.6 - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md) - [Commits](rust-random/rand@0.8.5...0.8.6) --- updated-dependencies: - dependency-name: rand dependency-version: 0.8.6 dependency-type: indirect dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chrismaz11 <chrismaz11@me.com>
* chore(deps): bump actions/setup-node from 4 to 6 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci: unblock PR checks by hardening review and consistency gates * ci: use node 20.20.2 and localize repo-consistency scans --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chris <chris@chriss-MacBook-Neo.local> Co-authored-by: chrismaz11 <chrismaz11@me.com>
* ci: unblock PR checks by hardening review and consistency gates * security: reduce code scanning findings in workflows and API key hashing * security: add .secrets/ to .gitignore to prevent private key exposure * fix: align test suite to current API contract and auth env naming * fix: restore accidentally deleted .gitignore entries * feat(epc): EPC integration foundation — OAuth2, transaction model, origin endpoint, webhook receiver, credential storage, 19/19 tests passing * merge: resolve master conflicts for EPC foundation Agent-Logs-Url: https://github.com/TrustSignal-dev/TrustSignal/sessions/dd19a24a-8ea9-4b0b-9cef-f07d4c19924b Co-authored-by: chrismaz11 <24700273+chrismaz11@users.noreply.github.com> * chore: align setup-node pin comments Agent-Logs-Url: https://github.com/TrustSignal-dev/TrustSignal/sessions/dd19a24a-8ea9-4b0b-9cef-f07d4c19924b Co-authored-by: chrismaz11 <24700273+chrismaz11@users.noreply.github.com> * Potential fix for pull request finding 'CodeQL / Use of password hash with insufficient computational effort' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fix(epc): address PR #150 review comments - credentials.ts: add AUTH_TAG_LENGTH guard in decryptCredential - origin.ts: use Prisma P2002 error code instead of brittle message match - webhook.ts: import Prisma; add P2002 catch to handle concurrent duplicate deliveries - schema.prisma: add @unique to EpcWebhookLog.elliSignature - migration.sql: add UNIQUE INDEX on EpcWebhookLog.elliSignature - server.ts: capture raw body via addContentTypeParser before JSON parse so HMAC verification in webhook handler uses exact bytes - tests/epc/origin.test.ts: update duplicate test to throw PrismaClientKnownRequestError P2002 All 19 EPC tests passing. UNIQUE index applied to Supabase. 
* fix(lint): suppress no-explicit-any for Fastify rawBody and fix import order in origin test --------- Co-authored-by: chris <chris@chriss-MacBook-Neo.local> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: chrismaz11 <24700273+chrismaz11@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@68bde55...9e0d7b8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Unable to deploy a commit from a private repository on your GitHub organization to the Christopher Marziani's projects team on Vercel, which is currently on the Hobby plan. In order to deploy, you can:
To read more about collaboration on Vercel, click here.
Deployment failed with the following error:
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
A newer version of github/codeql-action exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.
Bumps github/codeql-action from 4.35.4 to 4.35.5.
Release notes
Sourced from github/codeql-action's releases.
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
9e0d7b8Merge pull request #3905 from github/update-v4.35.5-d4b4855156d7d599Add changelog entry for #389951f7e38Update changelog for v4.35.5d4b4855Merge pull request #3899 from github/mbg/esbuild/split127de81Merge remote-tracking branch 'origin/main' into mbg/esbuild/split7fde13fUse src + basename in header to avoid issues on Windowsdfa61e7Improve pattern matching and error handling52aafecImport and call runWrapper normally in analyze tests0d08c01Auto-generate shared bundle14085a6Auto-generate entry points
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)