From e7867e5b42fedc1b270b8c87c697f34675e875d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 15:09:12 -0500 Subject: [PATCH 1/7] Bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0 (#4279) Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/59db25f34e16620e48ab4bb9e4a5dce155cb5432...7006c4492b2e0ee0f816d36501671557c97f5995) --- updated-dependencies: - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e9cf949b..724fb674c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -62,7 +62,7 @@ jobs: name: code-coverage-ubuntu-latest-24.x path: coverage/ - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # v5 + uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v5 if: ${{ github.actor != 'dependabot[bot]' }} with: projectBaseDir: ${{ matrix.project-root }} From dbc206984e97fa7107f95c4c99898d7b29abdc15 Mon Sep 17 00:00:00 2001 
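Review bot: The trailing `# v5` on the new `uses:` line does not match the release this commit pins, which the commit message gives as 8.1.0. With a SHA pin, that comment is the only human-readable record of the version, so a stale one makes it harder to check the SHA against the upstream tag in review. I would change the line to `uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0`, after confirming that this SHA is the commit the upstream v8.1.0 tag points to.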
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 20:12:33 +0000 Subject: [PATCH 2/7] Bump qs from 6.14.2 to 6.15.2 (#4278) Bumps [qs](https://github.com/ljharb/qs) from 6.14.2 to 6.15.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1f9f97685..662c34bf5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19365,9 +19365,9 @@ } }, "node_modules/qs": { - "version": "6.14.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", - "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", + "version": "6.15.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz", + "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==", "dev": true, "license": "BSD-3-Clause", "dependencies": { From 52b95fbc6262c2b24c7881bb06fa1e90e41cbb94 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 20:15:51 +0000 Subject: [PATCH 3/7] Bump ts-jest from 29.4.9 to 29.4.11 (#4282) Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.4.9 to 29.4.11. - [Release notes](https://github.com/kulshekhar/ts-jest/releases) - [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.11) --- updated-dependencies: - dependency-name: ts-jest dependency-version: 29.4.11 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 16 ++++++++-------- package.json | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index 662c34bf5..c2dce51de 100644 --- a/package-lock.json +++ b/package-lock.json @@ -46,7 +46,7 @@ "prettier": "^3.8.3", "rimraf": "^6.1.3", "rollup": "^4.22.4", - "ts-jest": "^29.4.9", + "ts-jest": "^29.4.11", "ts-node": "^10.9.2", "typedoc": "^0.28.19", "typedoc-plugin-markdown": "^3.17.1", @@ -21412,9 +21412,9 @@ } }, "node_modules/ts-jest": { - "version": "29.4.9", - "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.9.tgz", - "integrity": "sha512-LTb9496gYPMCqjeDLdPrKuXtncudeV1yRZnF4Wo5l3SFi0RYEnYRNgMrFIdg+FHvfzjCyQk1cLncWVqiSX+EvQ==", + "version": "29.4.11", + "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.11.tgz", + "integrity": "sha512-IrFl7l9AuB/qrNw5quqvAv/hmKMb8dhWOH4jQOGo0Oq8tCeo1O86/iTFG1FaRimgUkF13l4PcepO8ATFT6Ns4g==", "dev": true, "license": "MIT", "dependencies": { @@ -21424,7 +21424,7 @@ "json5": "^2.2.3", "lodash.memoize": "^4.1.2", "make-error": "^1.3.6", - "semver": "^7.7.4", + "semver": "^7.8.0", "type-fest": "^4.41.0", "yargs-parser": "^21.1.1" }, 
@@ -21465,9 +21465,9 @@ } }, "node_modules/ts-jest/node_modules/semver": { - "version": "7.7.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", - "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz", + "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==", "dev": true, "license": "ISC", "bin": { diff --git a/package.json b/package.json index 365024da8..b8f6c578b 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ "prettier": "^3.8.3", "rimraf": "^6.1.3", "rollup": "^4.22.4", - "ts-jest": "^29.4.9", + "ts-jest": "^29.4.11", "ts-node": "^10.9.2", "typedoc": "^0.28.19", "typedoc-plugin-markdown": "^3.17.1", From 7a83d05e60b4c6f9513639e34e62e1557cae4ceb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 20:18:52 +0000 Subject: [PATCH 4/7] Bump @nx/nx-win32-x64-msvc from 22.6.5 to 22.7.3 (#4281) Bumps [@nx/nx-win32-x64-msvc](https://github.com/nrwl/nx/tree/HEAD/packages/nx/native-packages/win32-x64-msvc) from 22.6.5 to 22.7.3. - [Release notes](https://github.com/nrwl/nx/releases) - [Commits](https://github.com/nrwl/nx/commits/22.7.3/packages/nx/native-packages/win32-x64-msvc) --- updated-dependencies: - dependency-name: "@nx/nx-win32-x64-msvc" dependency-version: 22.7.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 11 +++++++---- package.json | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index c2dce51de..741610159 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -15,6 +15,9 @@ "packages/browser", "packages/node" ], + "dependencies": { + "@nx/nx-win32-x64-msvc": "22.7.5" + }, "devDependencies": { "@inrupt/base-rollup-config": "^4.1.0", "@inrupt/eslint-config-base": "^4.1.0", @@ -56,7 +59,7 @@ "node": "^22.0.0 || ^24.0.0" }, "optionalDependencies": { - "@nx/nx-win32-x64-msvc": "^22.6.5", + "@nx/nx-win32-x64-msvc": "^22.7.5", "fsevents": "^2.3.2" } }, @@ -5492,9 +5495,9 @@ ] }, "node_modules/@nx/nx-win32-x64-msvc": { - "version": "22.6.5", - "resolved": "https://registry.npmjs.org/@nx/nx-win32-x64-msvc/-/nx-win32-x64-msvc-22.6.5.tgz", - "integrity": "sha512-i2QFBJIuaYg9BHxrrnBV4O7W9rVL2k0pSIdk/rRp3EYJEU93iUng+qbZiY9wh1xvmXuUCE2G7TRd+8/SG/RFKg==", + "version": "22.7.5", + "resolved": "https://registry.npmjs.org/@nx/nx-win32-x64-msvc/-/nx-win32-x64-msvc-22.7.5.tgz", + "integrity": "sha512-ngcMyHdBJ9FSz2nHdbZ7gtJlFq0O2b05sPAsVMkZ18CKzdaA1qrBDJfsMO49hPCny505eiT766+CkKdaCDl5kA==", "cpu": [ "x64" ], diff --git a/package.json b/package.json index b8f6c578b..6c7d360fd 100644 --- a/package.json +++ b/package.json @@ -80,7 +80,7 @@ "typescript": "^5.9.3" }, "optionalDependencies": { - "@nx/nx-win32-x64-msvc": "^22.6.5", + "@nx/nx-win32-x64-msvc": "^22.7.5", "fsevents": "^2.3.2" }, "engines": { From eeafe75cdaef812ec586eaf52f1609b16c666922 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 20:23:05 +0000 Subject: [PATCH 5/7] Bump the external-types group with 2 updates (#4280) Bumps the external-types group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react). Updates `@types/node` from 25.8.0 to 25.9.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.2.14 to 19.2.15 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.9.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: external-types - dependency-name: "@types/react" dependency-version: 19.2.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: external-types ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../test-app/package.json | 4 ++-- package-lock.json | 23 ++++++++----------- packages/browser/package.json | 2 +- packages/node/package.json | 2 +- 4 files changed, 14 insertions(+), 17 deletions(-) diff --git a/e2e/browser/solid-client-authn-browser/test-app/package.json b/e2e/browser/solid-client-authn-browser/test-app/package.json index 33cd3e858..6455355e3 100644 --- a/e2e/browser/solid-client-authn-browser/test-app/package.json +++ b/e2e/browser/solid-client-authn-browser/test-app/package.json 
@@ -19,8 +19,8 @@ "devDependencies": { "@inrupt/eslint-config-lib": "^3.2.7", "@playwright/test": "^1.60.0", - "@types/node": "^25.8.0", - "@types/react": "^19.2.14", + "@types/node": "^25.9.1", + "@types/react": "^19.2.15", "@types/react-dom": "^19.2.3", "esbuild": "^0.28.0", "eslint": "^8.57.1", diff --git a/package-lock.json b/package-lock.json index 741610159..228925331 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,9 +15,6 @@ "packages/browser", "packages/node" ], - "dependencies": { - "@nx/nx-win32-x64-msvc": "22.7.5" - }, "devDependencies": { "@inrupt/base-rollup-config": "^4.1.0", "@inrupt/eslint-config-base": "^4.1.0", @@ -75,8 +72,8 @@ "devDependencies": { "@inrupt/eslint-config-lib": "^3.2.7", "@playwright/test": "^1.60.0", - "@types/node": "^25.8.0", - "@types/react": "^19.2.14", + "@types/node": "^25.9.1", + "@types/react": "^19.2.15", "@types/react-dom": "^19.2.3", "esbuild": "^0.28.0", "eslint": "^8.57.1", @@ -6718,9 +6715,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "25.8.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-25.8.0.tgz", - "integrity": "sha512-TCFSk8IZh+iLX1xtksoBVtdmgL+1IX0fC9BeU4QqFSuNdN/K+HUlhqOzEmSYYpZUVsLYcPqc9KX+60iDuninSQ==", + "version": "25.9.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.9.1.tgz", + "integrity": "sha512-xfrlY7UD5rMJk3ZVJP8BNzS28J36YJg+xp+LPXV1TdWxr8uMH5A860QNxYDGQe/ylDSgjxE52Q9VnO7p75tJxg==", "dev": true, "license": "MIT", "dependencies": { 
@@ -6756,9 +6753,9 @@ "license": "MIT" }, "node_modules/@types/react": { - "version": "19.2.14", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", - "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", + "version": "19.2.15", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.15.tgz", + "integrity": "sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q==", "dev": true, "license": "MIT", "dependencies": { @@ -22729,7 +22726,7 @@ "uuid": "^14.0.0" }, "devDependencies": { - "@types/node": "^25.8.0", + "@types/node": "^25.9.1", "@types/uuid": "^11.0.0" } }, @@ -22817,7 +22814,7 @@ "uuid": "^14.0.0" }, "devDependencies": { - "@types/node": "^25.8.0", + "@types/node": "^25.9.1", "@types/uuid": "^11.0.0" }, "engines": { diff --git a/packages/browser/package.json b/packages/browser/package.json index 61355a784..91d831360 100644 --- a/packages/browser/package.json +++ b/packages/browser/package.json @@ -26,7 +26,7 @@ "build-docs-preview-site": "npm run build-api-docs; cd docs/api; make html" }, "devDependencies": { - "@types/node": "^25.8.0", + "@types/node": "^25.9.1", "@types/uuid": "^11.0.0" }, "dependencies": { diff --git a/packages/node/package.json b/packages/node/package.json index 8913f48f2..560c9e680 100644 --- a/packages/node/package.json +++ b/packages/node/package.json @@ -24,7 +24,7 @@ "build-docs-preview-site": "npm run build-api-docs; cd docs/api; make html" }, "devDependencies": { - "@types/node": "^25.8.0", + "@types/node": "^25.9.1", "@types/uuid": "^11.0.0" }, "dependencies": { From 9cec1d2548ad4fdd3b791378c4abc98513966b94 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 15:54:23 -0500 Subject: [PATCH 6/7] Bump tmp from 0.2.5 to 0.2.7 (#4284) Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.7. - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 228925331..92e6652da 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21301,9 +21301,9 @@ "license": "MIT" }, "node_modules/tmp": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz", - "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==", + "version": "0.2.7", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.7.tgz", + "integrity": "sha512-e0votIpp4Uo2AJYSzVHV6xCcawuiez3DzqDAbrTc3YxBkplN6e+dM13ZeIcZnDg/QpSuU2zfZ3rzwY8ukEnaXw==", "dev": true, "license": "MIT", "engines": { From 81ee2163f26f588ebb02c2d945342a708a0e1f26 Mon Sep 17 00:00:00 2001 From: Aaron Coburn Date: Thu, 28 May 2026 07:35:09 -0500 Subject: [PATCH 7/7] Add helmet for use with the e2e express server (#4283) --- e2e/node/server/express.ts | 3 +++ package-lock.json | 14 ++++++++++++++ package.json | 1 + 3 files changed, 18 insertions(+) diff --git a/e2e/node/server/express.ts b/e2e/node/server/express.ts index 1ab8d520b..efdc62c5a 100644 --- a/e2e/node/server/express.ts +++ b/e2e/node/server/express.ts 
@@ -20,6 +20,7 @@ import cookieSession from "cookie-session"; import express from "express"; +import helmet from "helmet"; import type { ISessionOptions, SessionTokenSet, @@ -49,6 +50,8 @@ export function createApp( const sessionTokenSets = new Map(); const authStates = new Map(); + app.use(helmet()); + app.use( cookieSession({ keys: [`${Math.random()}`], diff --git a/package-lock.json b/package-lock.json index 92e6652da..783360e0a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -36,6 +36,7 @@ "eslint": "^9.28.0", "eslint-config-next": "^16.2.6", "express": "^5.2.1", + "helmet": "^8.2.0", "http-link-header": "^1.1.3", "jest": "^30.4.2", "jest-environment-jsdom": "^30.4.1", @@ -12121,6 +12122,19 @@ "node": ">= 0.4" } }, + "node_modules/helmet": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-8.2.0.tgz", + "integrity": "sha512-DRgTIUgnWcJ62KyarxxziuqYxKGnR6Rgg19BlbucN/dpmJbl1XOit6qvoOX0ZT+HhWe5OUVhU/a1zpGyc1xA0Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/EvanHahn" + } + }, "node_modules/hermes-estree": { "version": "0.25.1", "dev": true, diff --git a/package.json b/package.json index 6c7d360fd..e8d270a44 100644 --- a/package.json +++ b/package.json @@ -63,6 +63,7 @@ "eslint": "^9.28.0", "eslint-config-next": "^16.2.6", "express": "^5.2.1", + "helmet": "^8.2.0", "http-link-header": "^1.1.3", "jest": "^30.4.2", "jest-environment-jsdom": "^30.4.1",
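Review bot: The `cookieSession` call directly below the new `app.use(helmet());` still derives its signing key from `Math.random()`, which is not a cryptographically secure generator, so this hardening commit covers response headers but not session-cookie integrity. The exposure is probably small if this server only runs in e2e tests, but the fix is cheap: add `import { randomBytes } from "node:crypto";` and use `keys: [randomBytes(32).toString("hex")]`. A short comment above `app.use(helmet());` saying that helmet's defaults are intended would also help, because those defaults add a Content-Security-Policy to every response the app returns. `createApp` starts and ends outside the hunk, so the rest of the middleware chain is not visible here.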