Bump node from 20-alpine to 25-alpine#1
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Bumps node from 20-alpine to 25-alpine. --- updated-dependencies: - dependency-name: node dependency-version: 25-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Contributor
Author
|
Looks like node is no longer being updated by Dependabot, so this is no longer needed. |
This was referenced May 14, 2026
Landing page: fix the four broken-link references (status.zeroauth.dev x2 + api.zeroauth.dev x2)
#32
Merged
pulkitpareek18
added a commit
that referenced
this pull request
May 28, 2026
First issue of the BFSI v1 compliance roadmap, owned by Agent #36 (Chief Compliance Officer). Covers the four certification tracks that gate the 12-month plan: DPDP Act 2023, the four binding RBI Master Directions (IT Governance, Digital Lending, Digital Payment Security Controls, KYC), SOC 2 Type I + Type II, and ISO/IEC 27001:2022. The RBI Sandbox application is tracked alongside as a Q3 deliverable. Eight sections per the agent-36 W1-Mon ticket: 1. Scope (in/out + India primary, GCC/UK secondary v2 lookahead). 2. Frameworks tracked with auditor + counsel relationships. 3. Q1-Q4 milestones aligned to the phase map in docs/plan/bfsi-v1/00-README.md. 4. Per-quarter deliverables table (D-Qn-NN IDs, owner agent, target week, dependencies) covering the year end-to-end. 5. Audit calendar weeks 1-52 listing every external interaction. 6. Vendor + counsel calendar (DPDP counsel, external cryptographer, SOC 2 auditor, ISO lead auditor, smart-contract audit firm, RBI counsel, bug bounty platform, evidence collector tool). 7. Open dependencies + risks (R-COMP-01..08) with owner + mitigation for each. Explicitly captures the three risks called out in the ticket: DPDP rule notification mid-evidence, evidence-collector tool slip, trusted-setup ceremony slip blocking ISO certification. 8. Document hygiene rules: quarterly retros in docs/compliance/retros/, regulator interaction log in docs/compliance/regulator-log.md, evidence pack rotation each quarter. Cross-references docs/plan/bfsi-v1/06-ways-of-working.md for the escalation path and docs/threat_model.md for the attack catalogue that control narratives map to. Calls out the trusted-setup ceremony artefact at docs/cryptography/trusted-setup-ceremony.md as the input to ISO Annex A.5.31 and SOC 2 CC6.1 evidence. [no-test] markdown-only deliverable per ticket. Reviewer: Agent #1.
pulkitpareek18
pushed a commit
that referenced
this pull request
May 28, 2026
First issue of the enterprise risk register at docs/compliance/risk/enterprise-risk-register-v1.md. Captures the 10 baseline commercial, operational, regulatory, strategic, security, and financial risks that the founder, CCO, CRO, and Risk & Audit lead carry on their dashboards. Distinct from docs/threat_model.md, which holds the technical attack catalogue (A-NN rows). Each enterprise risk references the threat-model rows it relates to so the two documents stay bidirectionally linked per the §6.5 operating principle. Document deliverable A40-W1-Mon from docs/plan/bfsi-v1/agents/agent-40-risk-audit.md. Pairs with the compliance roadmap at docs/compliance/compliance-roadmap-v1.md whose §7 holds the thinner compliance-bearing subset; this register is the authoritative copy. References docs/threat_model.md throughout (A-02, A-07, A-09, A-10, A-13, A-17, A-21, A-22, A-28) and docs/cryptography/trusted-setup-ceremony.md (R-ENT-04, R-ENT-07) and docs/compliance/privacy/data-inventory-v1.md (R-ENT-03 scoping). Risks classified by likelihood (1..5) x impact (1..5) with appetite bands accept <= 6, review 7-12, reject >= 13. At v1 all residuals sit in the auto-accept band after mitigation. Cadence is weekly walk by Agent #40, monthly review with Agent #1 + #36 + #42 on the 15th, quarterly board review in the last week of each Q, plus event-driven triggers per §6.3. Sign-offs in §7. [no-test] markdown-only documentation deliverable. Next review 2026-06-01 per A40-W2-Mon ticket which updates the register with commit hashes for closed mitigations.
pulkitpareek18
added a commit
that referenced
this pull request
May 28, 2026
First issue of the BFSI v1 compliance roadmap, owned by Agent #36 (Chief Compliance Officer). Covers the four certification tracks that gate the 12-month plan: DPDP Act 2023, the four binding RBI Master Directions (IT Governance, Digital Lending, Digital Payment Security Controls, KYC), SOC 2 Type I + Type II, and ISO/IEC 27001:2022. The RBI Sandbox application is tracked alongside as a Q3 deliverable. Eight sections per the agent-36 W1-Mon ticket: 1. Scope (in/out + India primary, GCC/UK secondary v2 lookahead). 2. Frameworks tracked with auditor + counsel relationships. 3. Q1-Q4 milestones aligned to the phase map in docs/plan/bfsi-v1/00-README.md. 4. Per-quarter deliverables table (D-Qn-NN IDs, owner agent, target week, dependencies) covering the year end-to-end. 5. Audit calendar weeks 1-52 listing every external interaction. 6. Vendor + counsel calendar (DPDP counsel, external cryptographer, SOC 2 auditor, ISO lead auditor, smart-contract audit firm, RBI counsel, bug bounty platform, evidence collector tool). 7. Open dependencies + risks (R-COMP-01..08) with owner + mitigation for each. Explicitly captures the three risks called out in the ticket: DPDP rule notification mid-evidence, evidence-collector tool slip, trusted-setup ceremony slip blocking ISO certification. 8. Document hygiene rules: quarterly retros in docs/compliance/retros/, regulator interaction log in docs/compliance/regulator-log.md, evidence pack rotation each quarter. Cross-references docs/plan/bfsi-v1/06-ways-of-working.md for the escalation path and docs/threat_model.md for the attack catalogue that control narratives map to. Calls out the trusted-setup ceremony artefact at docs/cryptography/trusted-setup-ceremony.md as the input to ISO Annex A.5.31 and SOC 2 CC6.1 evidence. [no-test] markdown-only deliverable per ticket. Reviewer: Agent #1.
pulkitpareek18
pushed a commit
that referenced
this pull request
May 28, 2026
First issue of the enterprise risk register at docs/compliance/risk/enterprise-risk-register-v1.md. Captures the 10 baseline commercial, operational, regulatory, strategic, security, and financial risks that the founder, CCO, CRO, and Risk & Audit lead carry on their dashboards. Distinct from docs/threat_model.md, which holds the technical attack catalogue (A-NN rows). Each enterprise risk references the threat-model rows it relates to so the two documents stay bidirectionally linked per the §6.5 operating principle. Document deliverable A40-W1-Mon from docs/plan/bfsi-v1/agents/agent-40-risk-audit.md. Pairs with the compliance roadmap at docs/compliance/compliance-roadmap-v1.md whose §7 holds the thinner compliance-bearing subset; this register is the authoritative copy. References docs/threat_model.md throughout (A-02, A-07, A-09, A-10, A-13, A-17, A-21, A-22, A-28) and docs/cryptography/trusted-setup-ceremony.md (R-ENT-04, R-ENT-07) and docs/compliance/privacy/data-inventory-v1.md (R-ENT-03 scoping). Risks classified by likelihood (1..5) x impact (1..5) with appetite bands accept <= 6, review 7-12, reject >= 13. At v1 all residuals sit in the auto-accept band after mitigation. Cadence is weekly walk by Agent #40, monthly review with Agent #1 + #36 + #42 on the 15th, quarterly board review in the last week of each Q, plus event-driven triggers per §6.3. Sign-offs in §7. [no-test] markdown-only documentation deliverable. Next review 2026-06-01 per A40-W2-Mon ticket which updates the register with commit hashes for closed mitigations.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps node from 20-alpine to 25-alpine.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)