chore(deps): bump graphql from 16.12.0 to 16.14.0 in /backend#379
Closed
dependabot[bot] wants to merge 444 commits into
Closed
chore(deps): bump graphql from 16.12.0 to 16.14.0 in /backend#379dependabot[bot] wants to merge 444 commits into
dependabot[bot] wants to merge 444 commits into
Conversation
…oof-hashing feat: Implement Audit-Log Tamper-Proof Hashing Service (#58)
- Add four defined roles: SuperAdmin, FinanceManager, HRManager, ReadOnlyAuditor - Implement JWT-based authentication with signed claims validation - Create granular permission system with role-based endpoint access - Prevent internal privilege escalation through middleware validation - Add comprehensive audit logging with role tracking - Include RBAC-specific test suite and pipeline integration - Update documentation with RBAC implementation details Security improvements: - HR managers can view vesting schedules but cannot modify them - Finance managers limited to withdrawal/revenue operations - All API requests validated against JWT claims - Enhanced audit trail with user role context
…trancy-tests Feature/cross contract reentrancy tests
Feature/rbac implementation
- Add compliance API routes for admin management - Integrate Rule 144 compliance middleware into claim endpoints - Add comprehensive compliance tracking and monitoring - Create test files for compliance model and functionality - Update main index.js with compliance service import This implementation provides a secondary security layer that prevents investors from accidentally violating securities laws by enforcing mandatory 6 or 12-month holding periods for restricted securities. Resolves: #129 #72
…nitor-fork Feature/rule144 compliance monitor fork
…g-api-fork Feature/global tax withholding api fork
…expiration-worker-fork Feature/automatic kyc status expiration worker fork
🏦 Bank-Grade Annual Statements - Professional multi-page PDF generation with corporate-quality design - Comprehensive year-long vesting activity aggregation - Fair Market Value (FMV) tracking and realized gains calculation - Monthly breakdowns and detailed claims logs 🔒 Transparency & Security Features - Digital signatures using backend Transparency Key for authenticity - Cryptographic verification API for third-party validation - Tamper-evident design with complete audit trail - Access tracking and archival capabilities for compliance 📊 Financial Intelligence - Multi-vault consolidation into single comprehensive statement - Real-time price integration for accurate year-end valuations - FIFO-based gain/loss computation for tax reporting - Professional currency formatting and localization 🛠️ Technical Implementation - Database migration for annual statements storage - Comprehensive service layer with error handling - RESTful API endpoints for statement management - Complete test coverage with unit and integration tests - Detailed implementation documentation Transforms Vesting-Vault from simple 'Token Lock' to full-featured 'Wealth Management Dashboard' respecting traditional financial requirements. Closes #130 #73
- Fix beneficiary-vault relationship query - Remove TODO comments that were causing issues - Fix PDF service import reference - Remove invalid user_address filter from claims query - Add Beneficiary model import Resolves CI/CD build failures in GitHub Actions
Wraps all Stellar RPC and Horizon API calls in an exponential backoff retry mechanism using p-retry. Fixes #36
Resolves #39. Adds a new endpoint /api/org/:id/analytics/top-claimers to aggregate total claimed tokens grouped by beneficiary address and ordered by highest amount descending.
…esting agreements - Add comprehensive database schema for multi-language legal document storage - Implement SHA-256 hash verification for legal agreement integrity - Add primary language tracking during digital signing process - Create complete audit trail for legal compliance and dispute resolution - Support for 7 languages: English, Spanish, Mandarin, French, German, Japanese, Korean - Add RESTful API endpoints for legal agreement management - Include comprehensive test suite with 95%+ coverage - Add database migration scripts and environment configuration - Bridge gap between code and international law for token vesting This feature enables international team members to sign token purchase agreements in their native language while maintaining cryptographic integrity and legal compliance for cross-border disputes.
feat(ops): Implement auto-retry for RPC calls
Feat/analytics top claimers
…l-hash-storage Feature/multi language legal hash storage
- Add VaultRegistry model to maintain global map of ContractID -> ProjectName - Implement vaultRegistryService to monitor new vault deployments on Stellar - Create vaultRegistryRoutes with list_vaults_by_creator API endpoint - Add vaultRegistryIndexingJob for automated ledger monitoring - Create database migration for vault_registry table - Update main index.js to include registry routes and start indexing job - Add comprehensive tests for vault registry functionality - Update API documentation with new registry endpoints - Create comprehensive README with integration guide This enables Meta-Dashboards to dynamically pull and display all vesting activity on the Stellar network without relying on centralized off-chain databases, making Vesting-Vault a transparent public utility for the entire ecosystem. Resolves #135
…ndexer feat: Implement On-Chain Vesting Registry for Ecosystem Indexers (#135)
Adds documentation mapping the existing vault archival job to the cold storage issue requirements. Fixes #37
Bumps [@graphql-tools/schema](https://github.com/ardatan/graphql-tools/tree/HEAD/packages/schema) from 10.0.31 to 10.0.33. - [Release notes](https://github.com/ardatan/graphql-tools/releases) - [Changelog](https://github.com/ardatan/graphql-tools/blob/master/packages/schema/CHANGELOG.md) - [Commits](https://github.com/ardatan/graphql-tools/commits/@graphql-tools/schema@10.0.33/packages/schema) --- updated-dependencies: - dependency-name: "@graphql-tools/schema" dependency-version: 10.0.33 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [graphql-ws](https://github.com/enisdenjo/graphql-ws) from 5.16.2 to 6.0.8. - [Release notes](https://github.com/enisdenjo/graphql-ws/releases) - [Changelog](https://github.com/enisdenjo/graphql-ws/blob/master/CHANGELOG.md) - [Commits](enisdenjo/graphql-ws@v5.16.2...v6.0.8) --- updated-dependencies: - dependency-name: graphql-ws dependency-version: 6.0.8 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) from 29.7.0 to 30.3.0. - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest) --- updated-dependencies: - dependency-name: jest dependency-version: 30.3.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@opentelemetry/auto-instrumentations-node](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node) from 0.57.1 to 0.74.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/auto-instrumentations-node/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/auto-instrumentations-node-v0.74.0/packages/auto-instrumentations-node) --- updated-dependencies: - dependency-name: "@opentelemetry/auto-instrumentations-node" dependency-version: 0.74.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@sentry/profiling-node](https://github.com/getsentry/sentry-javascript) from 10.45.0 to 10.51.0. - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@10.45.0...10.51.0) --- updated-dependencies: - dependency-name: "@sentry/profiling-node" dependency-version: 10.51.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@opentelemetry/sdk-trace-node](https://github.com/open-telemetry/opentelemetry-js) from 2.7.0 to 2.7.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-js@v2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: "@opentelemetry/sdk-trace-node" dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.18.0 to 8.20.0. - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg) --- updated-dependencies: - dependency-name: pg dependency-version: 8.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ckend/graphql-tools/schema-10.0.33 chore(deps): bump @graphql-tools/schema from 10.0.31 to 10.0.33 in /backend
…actions/checkout-6 chore(ci): bump actions/checkout from 4 to 6
…actions/setup-node-6 chore(ci): bump actions/setup-node from 4 to 6
…ckend/opentelemetry/exporter-jaeger-2.7.1 chore(deps): bump @opentelemetry/exporter-jaeger from 2.7.0 to 2.7.1 in /backend
…ckend/sentry/node-10.51.0 chore(deps): bump @sentry/node from 10.50.0 to 10.51.0 in /backend
…ckend/graphql-ws-6.0.8 chore(deps): bump graphql-ws from 5.16.2 to 6.0.8 in /backend
…ckend/jest-30.3.0 chore(deps): bump jest from 29.7.0 to 30.3.0 in /backend
Bumps [@aws-sdk/client-secrets-manager](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-secrets-manager) from 3.1037.0 to 3.1043.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-secrets-manager/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1043.0/clients/client-secrets-manager) --- updated-dependencies: - dependency-name: "@aws-sdk/client-secrets-manager" dependency-version: 3.1041.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…y/auto-instrumentations-node-0.74.0
…ckend/opentelemetry/auto-instrumentations-node-0.74.0 chore(deps): bump @opentelemetry/auto-instrumentations-node from 0.57.1 to 0.74.0 in /backend
…ckend/aws-sdk/client-secrets-manager-3.1041.0 chore(deps): bump @aws-sdk/client-secrets-manager from 3.1037.0 to 3.1043.0 in /backend
…ling-node-10.51.0
…ckend/sentry/profiling-node-10.51.0 chore(deps): bump @sentry/profiling-node from 10.45.0 to 10.51.0 in /backend
…y/sdk-trace-node-2.7.1
…ckend/opentelemetry/sdk-trace-node-2.7.1 chore(deps): bump @opentelemetry/sdk-trace-node from 2.7.0 to 2.7.1 in /backend
…ckend/pg-8.20.0 chore(deps): bump pg from 8.18.0 to 8.20.0 in /backend
- Removed ethers.js v6.8.1 (EVM library) - Repository now 100% Stellar/Soroban compliant - Uses @stellar/stellar-sdk v15.0.1 for blockchain operations EVM Audit: Removed all EVM dependencies. Backend now clean.
Bumps [graphql](https://github.com/graphql/graphql-js) from 16.12.0 to 16.14.0. - [Release notes](https://github.com/graphql/graphql-js/releases) - [Commits](graphql/graphql-js@v16.12.0...v16.14.0) --- updated-dependencies: - dependency-name: graphql dependency-version: 16.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps graphql from 16.12.0 to 16.14.0.
Release notes
Sourced from graphql's releases.
... (truncated)
Commits
57b385bchore(release): v16.14.0 (#4720)85700edFix mistake in GraphQLError guidance (#4706)8eb6383Allow configuration of theofTypeintrospection depth (#4317)ad9c519Add support for directives on directive definitions (#4521)db2987cfix(valueFromAST): restore variable own-property checks (#4652)123e958chore(release): v16.13.2 (#4632)13f130dUseObject.create(null)over{}to avoid prototype issues - v16 (#4631)6ca59e1backport: internal: streamline release process (#4615) (#4626)df8c53fdocs: dev mode for v17 (#4611)3b5c3f9internal: pin node version for release action (#4610)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for graphql since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)