chore(deps): bump helmet from 8.0.0 to 8.2.0 in /backend#381

Closed
dependabot[bot] wants to merge 444 commits into main from dependabot/npm_and_yarn/backend/helmet-8.2.0

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps helmet from 8.0.0 to 8.2.0.

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

  • Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

akordavid373 and others added 30 commits March 25, 2026 14:06
…oof-hashing

feat: Implement Audit-Log Tamper-Proof Hashing Service (#58)
- Add four defined roles: SuperAdmin, FinanceManager, HRManager, ReadOnlyAuditor
- Implement JWT-based authentication with signed claims validation
- Create granular permission system with role-based endpoint access
- Prevent internal privilege escalation through middleware validation
- Add comprehensive audit logging with role tracking
- Include RBAC-specific test suite and pipeline integration
- Update documentation with RBAC implementation details

Security improvements:
- HR managers can view vesting schedules but cannot modify them
- Finance managers limited to withdrawal/revenue operations
- All API requests validated against JWT claims
- Enhanced audit trail with user role context
…trancy-tests

Feature/cross contract reentrancy tests
- Add compliance API routes for admin management
- Integrate Rule 144 compliance middleware into claim endpoints
- Add comprehensive compliance tracking and monitoring
- Create test files for compliance model and functionality
- Update main index.js with compliance service import

This implementation provides a secondary security layer that prevents
investors from accidentally violating securities laws by enforcing
mandatory 6 or 12-month holding periods for restricted securities.

Resolves: #129 #72
…nitor-fork

Feature/rule144 compliance monitor fork
…g-api-fork

Feature/global tax withholding api fork
…expiration-worker-fork

Feature/automatic kyc status expiration worker fork
🏦 Bank-Grade Annual Statements
- Professional multi-page PDF generation with corporate-quality design
- Comprehensive year-long vesting activity aggregation
- Fair Market Value (FMV) tracking and realized gains calculation
- Monthly breakdowns and detailed claims logs

🔒 Transparency & Security Features
- Digital signatures using backend Transparency Key for authenticity
- Cryptographic verification API for third-party validation
- Tamper-evident design with complete audit trail
- Access tracking and archival capabilities for compliance

📊 Financial Intelligence
- Multi-vault consolidation into single comprehensive statement
- Real-time price integration for accurate year-end valuations
- FIFO-based gain/loss computation for tax reporting
- Professional currency formatting and localization

🛠️ Technical Implementation
- Database migration for annual statements storage
- Comprehensive service layer with error handling
- RESTful API endpoints for statement management
- Complete test coverage with unit and integration tests
- Detailed implementation documentation

Transforms Vesting-Vault from simple 'Token Lock' to full-featured
'Wealth Management Dashboard' respecting traditional financial requirements.

Closes #130 #73
- Fix beneficiary-vault relationship query
- Remove TODO comments that were causing issues
- Fix PDF service import reference
- Remove invalid user_address filter from claims query
- Add Beneficiary model import

Resolves CI/CD build failures in GitHub Actions
Wraps all Stellar RPC and Horizon API calls in an exponential backoff retry mechanism using p-retry. Fixes #36
Resolves #39. Adds a new endpoint /api/org/:id/analytics/top-claimers to aggregate total claimed tokens grouped by beneficiary address and ordered by highest amount descending.
…esting agreements

- Add comprehensive database schema for multi-language legal document storage
- Implement SHA-256 hash verification for legal agreement integrity
- Add primary language tracking during digital signing process
- Create complete audit trail for legal compliance and dispute resolution
- Support for 7 languages: English, Spanish, Mandarin, French, German, Japanese, Korean
- Add RESTful API endpoints for legal agreement management
- Include comprehensive test suite with 95%+ coverage
- Add database migration scripts and environment configuration
- Bridge gap between code and international law for token vesting

This feature enables international team members to sign token purchase agreements
in their native language while maintaining cryptographic integrity and legal
compliance for cross-border disputes.
…ent-pdf-generator

feat: Implement Annual Vesting Statement PDF Generator (#130 #73)
feat(ops): Implement auto-retry for RPC calls
…l-hash-storage

Feature/multi language legal hash storage
- Add VaultRegistry model to maintain global map of ContractID -> ProjectName
- Implement vaultRegistryService to monitor new vault deployments on Stellar
- Create vaultRegistryRoutes with list_vaults_by_creator API endpoint
- Add vaultRegistryIndexingJob for automated ledger monitoring
- Create database migration for vault_registry table
- Update main index.js to include registry routes and start indexing job
- Add comprehensive tests for vault registry functionality
- Update API documentation with new registry endpoints
- Create comprehensive README with integration guide

This enables Meta-Dashboards to dynamically pull and display all vesting activity
on the Stellar network without relying on centralized off-chain databases,
making Vesting-Vault a transparent public utility for the entire ecosystem.

Resolves #135
…ndexer

feat: Implement On-Chain Vesting Registry for Ecosystem Indexers (#135)
Adds documentation mapping the existing vault archival job to the cold storage issue requirements. Fixes #37
dependabot Bot and others added 25 commits May 4, 2026 06:53
Bumps [@graphql-tools/schema](https://github.com/ardatan/graphql-tools/tree/HEAD/packages/schema) from 10.0.31 to 10.0.33.
- [Release notes](https://github.com/ardatan/graphql-tools/releases)
- [Changelog](https://github.com/ardatan/graphql-tools/blob/master/packages/schema/CHANGELOG.md)
- [Commits](https://github.com/ardatan/graphql-tools/commits/@graphql-tools/schema@10.0.33/packages/schema)

---
updated-dependencies:
- dependency-name: "@graphql-tools/schema"
  dependency-version: 10.0.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [graphql-ws](https://github.com/enisdenjo/graphql-ws) from 5.16.2 to 6.0.8.
- [Release notes](https://github.com/enisdenjo/graphql-ws/releases)
- [Changelog](https://github.com/enisdenjo/graphql-ws/blob/master/CHANGELOG.md)
- [Commits](enisdenjo/graphql-ws@v5.16.2...v6.0.8)

---
updated-dependencies:
- dependency-name: graphql-ws
  dependency-version: 6.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) from 29.7.0 to 30.3.0.
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@opentelemetry/auto-instrumentations-node](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node) from 0.57.1 to 0.74.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/auto-instrumentations-node/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/auto-instrumentations-node-v0.74.0/packages/auto-instrumentations-node)

---
updated-dependencies:
- dependency-name: "@opentelemetry/auto-instrumentations-node"
  dependency-version: 0.74.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@sentry/profiling-node](https://github.com/getsentry/sentry-javascript) from 10.45.0 to 10.51.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.45.0...10.51.0)

---
updated-dependencies:
- dependency-name: "@sentry/profiling-node"
  dependency-version: 10.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@opentelemetry/sdk-trace-node](https://github.com/open-telemetry/opentelemetry-js) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.7.0...v2.7.1)

---
updated-dependencies:
- dependency-name: "@opentelemetry/sdk-trace-node"
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.18.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)

---
updated-dependencies:
- dependency-name: pg
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ckend/graphql-tools/schema-10.0.33

chore(deps): bump @graphql-tools/schema from 10.0.31 to 10.0.33 in /backend
…actions/checkout-6

chore(ci): bump actions/checkout from 4 to 6
…actions/setup-node-6

chore(ci): bump actions/setup-node from 4 to 6
…ckend/opentelemetry/exporter-jaeger-2.7.1

chore(deps): bump @opentelemetry/exporter-jaeger from 2.7.0 to 2.7.1 in /backend
…ckend/sentry/node-10.51.0

chore(deps): bump @sentry/node from 10.50.0 to 10.51.0 in /backend
…ckend/graphql-ws-6.0.8

chore(deps): bump graphql-ws from 5.16.2 to 6.0.8 in /backend
…ckend/jest-30.3.0

chore(deps): bump jest from 29.7.0 to 30.3.0 in /backend
Bumps [@aws-sdk/client-secrets-manager](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-secrets-manager) from 3.1037.0 to 3.1043.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-secrets-manager/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1043.0/clients/client-secrets-manager)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-secrets-manager"
  dependency-version: 3.1041.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ckend/opentelemetry/auto-instrumentations-node-0.74.0

chore(deps): bump @opentelemetry/auto-instrumentations-node from 0.57.1 to 0.74.0 in /backend
…ckend/aws-sdk/client-secrets-manager-3.1041.0

chore(deps): bump @aws-sdk/client-secrets-manager from 3.1037.0 to 3.1043.0 in /backend
…ckend/sentry/profiling-node-10.51.0

chore(deps): bump @sentry/profiling-node from 10.45.0 to 10.51.0 in /backend
…ckend/opentelemetry/sdk-trace-node-2.7.1

chore(deps): bump @opentelemetry/sdk-trace-node from 2.7.0 to 2.7.1 in /backend
…ckend/pg-8.20.0

chore(deps): bump pg from 8.18.0 to 8.20.0 in /backend
- Removed ethers.js v6.8.1 (EVM library)
- Repository now 100% Stellar/Soroban compliant
- Uses @stellar/stellar-sdk v15.0.1 for blockchain operations

EVM Audit: Removed all EVM dependencies. Backend now clean.
Bumps [helmet](https://github.com/helmetjs/helmet) from 8.0.0 to 8.2.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.0.0...v8.2.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github May 25, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot commented on behalf of github Jun 9, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/backend/helmet-8.2.0 branch June 9, 2026 10:44