build(deps): update dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@nomicfoundation/hardhat-network-helpers (source)	1.0.13 → 1.1.2					devDependencies	minor
@sentry/integrations (source)	7.120.3 → 7.120.4					dependencies	patch
@sentry/node (source)	7.120.3 → 7.120.4					dependencies	patch
@sentry/tracing (source)	7.120.3 → 7.120.4					dependencies	patch
@sentry/types (source)	7.120.3 → 7.120.4					devDependencies	patch
@sphereon/ssi-types	^0.11.0 → ^0.36.0					dependencies	minor
@types/cookie-parser (source)	1.4.9 → 1.4.10					devDependencies	patch
@types/express (source)	4.17.23 → 4.17.25					devDependencies	patch
@types/pako (source)	2.0.3 → 2.0.4					dependencies	patch
class-validator	0.14.2 → 0.14.3					dependencies	patch
compression	1.8.0 → 1.8.1					dependencies	patch
docker/login-action	v2.1.0 → v2.2.0					action	minor
docker/metadata-action	v4.3.0 → v4.6.0					action	minor
eslint-config-prettier	8.10.0 → 8.10.2					devDependencies	patch
ghcr.io/energywebfoundation/ssi-hub	v2.13.0 → v2.14.0						minor
graphql	16.11.0 → 16.12.0					dependencies	minor
hardhat (source)	2.25.0 → 2.28.3					devDependencies	minor
igabaydulin/helm-check-action	0.2.0 → 0.2.1					action	patch
ipfs (source)	^0.58.3 → ^0.66.0					devDependencies	minor
ipfsd-ctl	3.0.0 → 3.1.0					devDependencies	minor
jest (source)	30.0.4 → 30.2.0					devDependencies	minor
jsonwebtoken	9.0.2 → 9.0.3					dependencies	patch
mathieudutour/github-tag-action	v6.1 → v6.2					action	minor
ncipollo/release-action	v1.12.0 → v1.20.0					action	minor
passport (source)	^0.6.0 → ^0.7.0					dependencies	minor
passport-did-auth	2.1.0-dev.1329.0 → 2.1.0-dev.1346.0					dependencies	patch
pg (source)	8.16.3 → 8.17.1					dependencies	minor
reflect-metadata (source)	^0.1.13 → ^0.2.0					dependencies	minor
styfle/cancel-workflow-action	0.10.0 → 0.13.0					action	minor
styfle/cancel-workflow-action	0.11.0 → 0.13.0					action	minor
ts-jest (source)	29.4.0 → 29.4.6					devDependencies	patch
typedoc (source)	^0.23.6 → ^0.28.0					devDependencies	minor
winston	3.17.0 → 3.19.0					dependencies	minor

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-network-helpers)

v1.1.2

Compare Source

v1.1.1

Compare Source

v1.1.0

Compare Source

Minor Changes

• 14b3042: Updated the minimal supported version of Node to v20 (#​6982)

getsentry/sentry-javascript (@​sentry/integrations)

v7.120.4

Compare Source

• fix(v7/cdn): Stop using Object.assign to be ES5 compatible (#​17080)

Sphereon-OpenSource/ssi-sdk (@​sphereon/ssi-types)

v0.36.0

Compare Source

Bug Fixes

• add verified data to the auth status response (1342ce4)
• allow ""; charset=UTF-8" in content types (OID4VP/SIOP) (655b5b3)
• builder fixes (ee98a3e)
• class-validator has changed behavior, so fixating to the older version (0f35c70)
• export datastore types (c2ed6fe)
• fix dcql presentation check (663555b)
• fixed dcql query payload assignment (ea643e4)
• linkhandler error handling when a link handling returns an error it was not properly cascaded (34a84d7)
• merge issues (693d8f0)
• removed unused interface from type (3635ad5)
• semver fix (1c8e8a9)
• We only mapped on configurationId values, whilst the branding was indexed by types, leading to branding not loading or being stored in some cases (abc1dfe)

Features

• Add support for VCDM2 SDJWT (322c421)
• added dcql presentation validation check (668150e)
• added module kms-rest-client (ddb3f69)
• added support for callbacks when creating auth requests (117ad37)
• implemented Universal OID4VP API spec (f633961)
• Merge crypto extension modules now the build process is faster and we have turbo. Means we will have consistent versions between SDK and crypto extension modules (6a366b9)
• updated siopv2-oid4vp-op-auth plugin to use OID4VP v1 (c1721a5)

v0.34.0

Compare Source

Bug Fixes

• Ensure we have a uniform verification result across the different VCDM credential providers (44037dd)
• experimental holder signing for JWT vc was not using the correct vc object (6f7f40b)
• validity policies (fdb5575)
• validity policies also allow validFrom, validUntil (9f10696)
• VCDM1 credentials were using VCDM2 presentations. Now it inspects the credentials first and then picks the most appropriate version (4b691dc)
• VCDM2 context was not taken into account (7765edb)

Features

• Add tsup for esm and cjs (1ff3959)
• Move to nx and fix a lot of tsconfig references in the process (9f634bd)
• Move to nx and fix a lot of tsconfig references in the process (08361fa)
• Move to nx and fix a lot of tsconfig references in the process (5e22c85)
• move to vitest (117285e)
• New digital credentials vc lib support (33881cd)
• Packages are now ESM and CJS. Move to tsup and turborepo (e68c8f7)
• Redesign of VCDM credential plugin. Now we have plugable providers, for JWT and JsonLD and a shiny new VCDM Credential Plugin using these providers. (67da208)
• VCDM 2 (0660005)
• VCDM 2 - JOSE implementation mostly supported (8e67307)

v0.33.0

Compare Source

Bug Fixes

• Do not retrieve AS metadata from store in case an external AS is used. Fetch from remote (7f46a5a)
• Do not retrieve AS metadata from store in case an external AS is used. Fetch from remote (99c3f8e)
• Do not try OIDF resolution on http:// urls (fe88114)
• Export branding functions (9a04ac4)
• Fixed merging issue (6fc5099)
• Fixed the encoded presentation creation (f8a8c17)
• Fixed type issues (c3754e6)
• Fixed type issues and updated oid4vc dependency (f919a29)
• Fixes to bit length handling and changing default length from 2 to 1 to have more compact lists and not all parties support multiple bits yet (f6d3940)
• Fixes to bit length handling and changing default length from 2 to 1 to have more compact lists and not all parties support multiple bits yet (90e82b6)
• Issue with credential local branding in Postgresql where a uuid column was compared with a varchar (2d51dd8)
• Issuer opts are not AS opts. Make sure we actually return issuer opts when requested (18b4ced)
• Make OID4VCI access token signer more resiliant (6e09be4)
• match jwk from jwt header by kid and load into JwtVerifyResult (84bbb0f)
• Removed local dependencies (a50eb33)
• Updated dependencies (2b871d5)
• Updated dependencies and fixed broken code (4982faa)
• Updated pnpm-lock.yaml (d2c23db)

Features

• add default hasher implementation (0a17930)
• Add oid4vci state store (56ec3e0)
• Add QR code generation to OID$VP Auth Request API (c9749f7)
• Add swagger Ui to the hosted context, so we have a swagger API per OID4VCI instance (4de300e)
• added first party flow to holder plugin (2f19e12)
• added sd-jwt vct metadata branding support (a21d812)
• Enabled Swagger UI on OID4VP instance endpoints below /api-docs (a6c9fb4)
• Improve status list handling and default status list handling (ab043c7)
• Initial credential configuration REST API to add new and remove existing credentials from OID4VCI (c120d45)
• Make sure we set default hasher implementations in case an app forgets to provide them (ad3a60d)

Reverts

• Revert "chore: reverted updateStatusListEntry for sd-jwt status lists" (7978dec)

v0.32.0

Compare Source

Bug Fixes

• Format mapping for PD (4e18635)
• run migrations when resetting the database (7891648)

Features

• Remove crypto.subtle as it is giving too many issues on RN. Moved to new implementation based on @​noble libs (d86e7fa)
• Validation improvements (b742fbe)

0.30.1 (2024-10-01)

Bug Fixes

• codecov (e5a7eb7)
• codecov (bc65177)
• fixes issuer signed flow (44dabf4)
• lerna version (789d4d5)

v0.31.0

Compare Source

Bug Fixes

• After dropping DB agent would throw exception as we removed the data source (ab9c1c8)
• check mdoc original are equal (804fb14)
• Fix broken tests (74e1d46)
• Fixed broken test cases (705edad)
• Fixed broken tests (56ce96f)
• Fixed the non-null expectation of the tests (f95af05)
• Fixed typos in the comments (485b689)
• getFederationTrust fix (2c02455)
• Implemented temporary cryptoServiceCallback verify function (6fe01f4)
• mdoc parsing (774aeeb)
• pass hasher to cvVerifySchema (a12b845)
• remove unused interfaces (954967a)
• resolution fixes (d1fddfc)
• return null as undefined in store DTO's (9d0e24b)

Features

• Add JARM response support (8e9cb20)
• add support for credential claim branding (1d5c7ce)
• added activity logs to eventlogger, plus fixed a bug on deleting parent of child credentials (91ce056)
• added additional issuer branding properties (c22d9d4)
• added dynamicRegistrationClientMetadata to issuer locale branding (aa98150)
• added issuer credential subject branding support (2caa509)
• added new module CredentialValidation (6464fac)
• added resource resolver plugin (68b88d8)
• added review contact state when contact has low level of trust (d2c6c75)
• added validation against vc schema and test cases for validating the vc against the schema plus some bugfixes. also made checking vc against the schema optional (b75f952)
• Created an issuer verification of an EBSI issued credential (333b395)
• Implemented OIDF client SDK plugin (31c8608)
• JWKS hosting for all keys when Sphereon Key Manager is used (1cac215)
• mdoc device response multiple documents (c9adac8)
• nx-cloud: setup nx cloud workspace (511af20)
• updated oid4vci-holder and siopv2-rp to use credential-validation module for verifying credentials. (87081e5)
• updated oid4vci-holder and siopv2-rp to use credential-validation module for verifying credentials. (b25b66e)
• upgrade oidf client package (3cfbcdf)

v0.30.1

Compare Source

Bug Fixes

• codecov (e5a7eb7)
• codecov (bc65177)
• fixes issuer signed flow (44dabf4)
• lerna version (789d4d5)

v0.29.0

Compare Source

Bug Fixes

• Doesn't make sense to always download issuer images, even if we already have it stored. Other stability improvements for image handling (b836ca1)
• Logger fixes (75b6925)

Features

• expose date(time) types per database. Also enhance the datasources capabilities (dd37e77)
• Remove dep on isomorphic-webcrypto (44331b8)
• update to new keyRefs instead of kids (e969b97)

v0.28.0

Compare Source

Bug Fixes

• Add ebsi plugin schema (422cf14)
• Ensure we always use the ES256 key for EBSI auth (be7dc15)
• Make sure we do not use the jwk thumbprint as kid default value when not in EBSI (c4a22aa)
• Make sure we do not use the jwk thumbprint as kid default value when not in EBSI (9a3bf56)
• Make sure we search for display and legal name based on issuer metadata name as well (9a4cafd)

Features

• Allow to pass in additional keys for EBSI (16aa9e2)

v0.27.0

Compare Source

Bug Fixes

• added a guard to check the issuerBranding (c6d8de2)
• extract PD name & purpose from definitionPayload (9573ced)
• fixed addIssuerBranding step (3008b11)
• fixed addIssuerBranding step after adding identity (17aa278)
• remove execution of loading env files (1937c14)

Features

• Add JWKS hosting per DID (70e41d7)
• added addIssuerBranding step to the vci machine (6fba515)
• added branding as an optional parameter to the party (0b46c70)
• Allow EBSI attestation client to be the start of a regular VCI flow (afffd39)
• Callback listeeners (fce3670)
• EBSI access token, attestation and DID support (bed66b4)
• EBSI DID registraiton/management (7195786)
• EBSI headless attestation credentials (6b6ad14)
• fixes after merge, modified some comment and prettier (daebd26)
• Get the authorization URL from a TI using a cloud/service wallet when requesting a particular attestation credential (222c4d4)
• implement Oid4VP authorization token support (5fdbd65)
• Introduce EBSI attestation service to get VCs, for instance to onboard (59f1809)
• Siopv2Holder module implementing xstate Siopv2Machine (7dd0651)

v0.26.0

Compare Source

Bug Fixes

• a bug in migration CreateContacts (0267460)
• a bug in selecting the type of the credential that we're going to request (c49b237)
• clientId fixes (4fc568b)
• clientId fixes (cad41fc)
• Fixed broken tests (d01859d)
• Make sure we import path/fs only when really needed for object-creation. Ensure we use agent-config plugin only in places it is needed (76b4f53)
• updated vci package and fixed getSupportedCredential function (780a377)
• updated version of vci and fixed the libs for it (ceb6074)
• updated version of vci and fixed the libs for it (de1d6aa)

Features

• Adapted the plugin to accept https urls, added tests and documentation about the changes (73ab5ae)
• allow default auth request options for VCI links/machines, like clientId and redirectUri (434196e)
• Allow to pass in options when emitting link handler events (0293342)
• Allow to pass in state for url handler handle methods, allowing a statemachine to continue, without database persistence (16e06e8)
• Run prettier (2a9be95)
• Support http(s) urls (b3cc812)
• Updated dependencies on the @​sphereon/oid4vci (00810ff)

v0.25.0

Compare Source

Bug Fixes

• Ensure logger is initialized early preventing potential issues when importing from other libraries (eae66f2)
• fix physical address building name validation (b3508c0)
• Order of static keys to ensure default namespace key is available when creating the default logger (dc56df2)
• removed not null constraint from the SQL statement that adds the origin column (95929d1)

Features

• (WIP) added ownerId, tenantId, and origin. (d9b8623)
• added pd-manager / pd-store (ed77532)
• added sd-jwt plugin (85d8aeb)
• Added the StudentEntity and refactored the migrations (fb36a51)

v0.24.0

Compare Source

Bug Fixes

• enum fixes (dc3fb0d)

Features

• added deactivateDidEndpoint function according to decentralized-identity's universal-registrar and renamed previous method as deleteDidEndpoint and marked it as deprecated (39a6601)
• expose contact manager methods for rest implementation (37bbfd2)
• updated oid4vci-holder to support full flow (63be076)

0.23.4 (2024-04-25)

Note: Version bump only for package @​sphereon/sphereon-sdk.workspace

0.23.2 (2024-04-25)

Note: Version bump only for package @​sphereon/sphereon-sdk.workspace

0.23.1 (2024-04-25)

Note: Version bump only for package @​sphereon/sphereon-sdk.workspace

v0.23.4

Compare Source

Note: Version bump only for package @​sphereon/sphereon-sdk.workspace

v0.23.0

Compare Source

Bug Fixes

• add PhysicalAddress migrations to postgres (afd441c)
• added default value to PartyType.origin (8b9d5d2)
• adjust PhysicalAddress postgres migration to follow code standards ([b85

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn cli npm v11.7.0 does not support Node.js v18.20.8. This version of npm supports the following node versions: `^20.17.0 || >=22.9.0`. You can find the latest version at https://nodejs.org/.
npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code EBADENGINE
npm error engine Unsupported engine
npm error engine Not compatible with your version of node/npm: @nomicfoundation/[email protected]
npm error notsup Not compatible with your version of node/npm: @nomicfoundation/[email protected]
npm error notsup Required: {"node":">= 20"}
npm error notsup Actual:   {"node":"v18.20.8","npm":"11.7.0"}
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-01-15T05_07_40_066Z-debug-0.log